

Windows Analysis Report
IdeaShare Key.exe

Overview

General Information

Sample Name: IdeaShare Key.exe
Analysis ID: 876178
MD5: e6d42ac433331124c62460cfcced76a1
SHA1: ea9fc583c7bd2054a8d51e61d6b1cbeee800d344
SHA256: 5faa9cd735d499eb4fbcb08a252d53020629a7418c9b6c30b00c5d2d7cc7fe25

Detection

Score: 9
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Compliance

Score: 16
Range: 0 - 100

Signatures

Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Contains functionality to query network adapter information
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • IdeaShare Key.exe (PID: 5976 cmdline: C:\Users\user\Desktop\IdeaShare Key.exe MD5: E6D42AC433331124C62460CFCCED76A1)
    • IdeaShareKeyForm.exe (PID: 5948 cmdline: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe MD5: 1A8C471F9AF78F640DC43C6C2FB533C2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures; all signature results are listed below.

Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\IdeaShare Key.exe | EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: WINMM.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: WTSAPI32.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: VERSION.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: dwmapi.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: NETAPI32.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: WININET.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: USERENV.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: iphlpapi.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: MPR.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: IPHLPAPI.DLL
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: d3d11.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: MSVCP140.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: dxgi.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: d3d10warp.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: WindowsCodecs.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: DNSAPI.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: UxTheme.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | DLL: VCRUNTIME140.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll
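The "EXE planting" and "DLL planting / hijacking" signatures behind the list above are loader-level findings: the installer runs from the user's Desktop, and it drops IdeaShareKeyForm.exe together with the Qt libraries into %LOCALAPPDATA%\IdeaShareKey. Every DLL in the list that is not a KnownDLL is resolved through the default search order, which begins in the application directory; when that directory is writable by the logged-on user, any code running as that user can replace, for example, Qt5Core.dll or VERSION.dll and execute inside the vendor's signed process the next time it starts, with no elevation needed. The triage script below is an added example and is not code from the Joe Sandbox report or from the IdeaShare product. It classifies the DLL names listed above by search-order exposure. The KnownDLLs set is a constructed snapshot of a default Windows 10 x64 list and should be replaced with a dump of HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs from the target build; the user-writable test is a path-prefix heuristic rather than an ACL check; and the report does not show whether the application narrows its search path with SetDefaultDllDirectories, so "plantable" here means "exposed under the default loader behaviour".

```python
"""Triage helper: which imported DLLs are exposed to search-order hijacking.
Added example for this report; not code from Joe Sandbox or from IdeaShare."""
import ntpath
import re

# Constructed snapshot of the default Windows 10 x64 KnownDLLs list (assumption:
# dump HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs on the
# target build instead; 32-bit processes use the \KnownDlls32 object directory).
# These are mapped from section objects and never searched for on disk, so they
# cannot be planted beside the executable. ntdll/kernelbase are included because
# the loader maps them before any search happens.
KNOWN_DLLS = frozenset(name.upper() for name in (
    "advapi32.dll", "clbcatq.dll", "combase.dll", "COMDLG32.dll", "coml2.dll",
    "difxapi.dll", "gdi32.dll", "gdiplus.dll", "IMAGEHLP.dll", "IMM32.dll",
    "kernel32.dll", "kernelbase.dll", "MSCTF.dll", "MSVCRT.dll", "NORMALIZ.dll",
    "NSI.dll", "ntdll.dll", "ole32.dll", "OLEAUT32.dll", "PSAPI.DLL",
    "rpcrt4.dll", "sechost.dll", "Setupapi.dll", "SHCORE.dll", "SHELL32.dll",
    "SHLWAPI.dll", "user32.dll", "WLDAP32.dll", "wow64.dll", "wow64cpu.dll",
    "wow64win.dll", "WS2_32.dll",
))

# Path-prefix heuristic (assumption, not an ACL check): everything under a
# profile directory is writable by that user without elevation.
_USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+(\\|$)", re.IGNORECASE)


def is_user_writable(directory: str) -> bool:
    return _USER_PROFILE.match(directory) is not None


def classify_imports(image_path: str, dlls, known_dlls=KNOWN_DLLS) -> dict:
    """Map each DLL a PE loads by bare name to how the loader will resolve it.

    knowndll  - served from the KnownDlls section, the search order is skipped
    apiset    - api-ms-win-*/ext-ms-win-* contract, resolved through the schema
    plantable - default search order starts in a user-writable application dir
    appdir    - application dir is searched first but the user cannot write it
    """
    writable = is_user_writable(ntpath.dirname(image_path))
    verdicts = {}
    for name in dlls:
        upper = name.upper()
        if upper in known_dlls:
            verdicts[name] = "knowndll"
        elif upper.startswith(("API-MS-WIN-", "EXT-MS-WIN-")):
            verdicts[name] = "apiset"
        elif writable:
            verdicts[name] = "plantable"
        else:
            verdicts[name] = "appdir"
    return verdicts


def plantable_paths(image_path: str, dlls, known_dlls=KNOWN_DLLS) -> list:
    """Files an attacker with the user's rights would drop to hijack the process."""
    image_dir = ntpath.dirname(image_path)
    return [ntpath.join(image_dir, name)
            for name, verdict in classify_imports(image_path, dlls, known_dlls).items()
            if verdict == "plantable"]


# Processes and DLL names exactly as listed in the report above.
INSTALLER = r"C:\Users\user\Desktop\IdeaShare Key.exe"
INSTALLER_DLLS = ["WININET.dll", "iphlpapi.dll", "SHFOLDER.DLL", "WindowsCodecs.dll"]
FORM_EXE = r"C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe"
FORM_DLLS = [
    "WINMM.dll", "WTSAPI32.dll", "VERSION.dll", "dwmapi.dll", "NETAPI32.dll",
    "USERENV.dll", "MPR.dll", "IPHLPAPI.DLL", "d3d11.dll", "MSVCP140.dll",
    "dxgi.dll", "d3d10warp.dll", "WINMMBASE.dll", "NETUTILS.DLL", "SRVCLI.DLL",
    "DNSAPI.dll", "UxTheme.dll", "VCRUNTIME140.dll",
    # Shipped in the install directory by design (the report lists them under
    # the installer that dropped them); their exposure is the directory's ACL.
    "Qt5Core.dll", "Qt5Gui.dll", "Qt5Network.dll", "Qt5Widgets.dll", "QtSingleApp.dll",
]

if __name__ == "__main__":
    for image, dlls in ((INSTALLER, INSTALLER_DLLS), (FORM_EXE, FORM_DLLS)):
        print(image)
        for name, verdict in classify_imports(image, dlls).items():
            print(f"  {verdict:<9} {name}")
        print("  drop targets:", *plantable_paths(image, dlls), sep="\n    ")
```

For this sample every listed DLL comes out as "plantable" for both processes, which is exactly what the two signatures report; the same list run against a copy installed under C:\Program Files returns "appdir", which is why the remediation is the install location (or a restricted search path), not the import list.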

Compliance

Source: IdeaShare Key.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: IdeaShare Key.exe | Static PE information: certificate valid
Source: Binary string: D:\code\IdeaShareWindowsApp\2021-9-16\AirPresence\desktop\Windows\IdeaShareKeyForm\IdeaShareKey\bin\Release\IdeaShareKey.pdb source: IdeaShare Key.exe, 00000000.00000003.350799274.0000000002941000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000000.358493347.00000000011DD000.00000002.00000001.01000000.00000005.sdmp, IdeaShareKeyForm.exe.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.362084835.000000006C191000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.362084835.000000006C191000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\code\IdeaShareWindowsApp\2021-9-16\AirPresence\desktop\Windows\IdeaShareKeyForm\IdeaShareKey\bin\Release\IdeaShareKey.pdb,,& source: IdeaShare Key.exe, 00000000.00000003.350799274.0000000002941000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000000.358493347.00000000011DD000.00000002.00000001.01000000.00000005.sdmp, IdeaShareKeyForm.exe.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\IdeaShareRelease\IdeaShare\third-party\qtsingleapplication\release\QtSingleApp.pdb source: IdeaShare Key.exe, 00000000.00000003.357958578.0000000002924000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.365942375.000000006CCA6000.00000002.00000001.01000000.00000006.sdmp, QtSingleApp.dll.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.365228156.000000006CAF4000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361417174.000000006B847000.00000002.00000001.01000000.0000000B.sdmp, qwindows.dll.0.dr
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004062F9 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00402E3C FindFirstFileW,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00406CAF DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: d04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp | String found in binary or memory: k04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Both memory regions are the mapped Qt5Network.dll (the same dumps carry the Qt5Network.pdb path above). The serial-number/common-name pairs (DigiNotar, CertiID, "MD5 Collisions Inc.", *.EGO.GOV.TR, e-islem.kktcmerkezbankasi.org) are Qt's compiled-in QSslSocket certificate blacklist, so the "equals www.yahoo.com" hit is a string match against that blacklist, not evidence of a contacted host.
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp | String found in binary or memory: http://bugreports.qt.io/
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp | String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr | Strings found in binary or memory (CRL, OCSP and CA-issuer URLs of the Authenticode signing chain):
  • http://crl.globalsign.com/codesigningrootr45.crl0V
  • http://crl.globalsign.com/gsgccr45codesignca2020.crl0
  • http://crl.globalsign.com/root-r3.crl0G
  • http://ocsp.globalsign.com/codesigningrootr450F
  • http://ocsp.globalsign.com/gsgccr45codesignca20200V
  • http://ocsp.globalsign.com/rootr30;
  • http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
  • http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
  • http://secure.globalsign.com/cacert/root-r3.crt06
  • https://www.globalsign.com/repository/0
Source: IdeaShare Key.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.color.org)
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp | String found in binary or memory: http://www.phreedom.org/md5)
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp | String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00407277 InternetConnectA,HttpOpenRequestA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,
Source: IdeaShare Key.exe, 00000000.00000002.359007472.000000000083A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004044E9 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004050FE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQt5Widgets.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQt5Gui.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQt5Core.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQt5Network.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.350799274.0000000002935000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: //VALUE "OriginalFilename", "IdeaShareKeyForm.exe" vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameqwindows.dll( vs IdeaShare Key.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004038A8 EntryPoint,GetTickCount,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,GetTickCount,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00407E74
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00406EE6
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004049B5
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: String function: 004062C7 appears 57 times
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File read: C:\Users\user\Desktop\IdeaShare Key.exe
Source: IdeaShare Key.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\IdeaShare Key.exe C:\Users\user\Desktop\IdeaShare Key.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Mutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/local/ideasharekey/qtsingleapp-ideash-193a-1-lockfile
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\Temp\nsk3518.tmp
Source: classification engine | Classification label: clean9.winEXE@3/8@0/0
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_0040250B CoCreateInstance,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File read: C:\Users\desktop.ini
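The mutex recorded above ("QtLockedFile mutex .../qtsingleapp-ideash-193a-1-lockfile") is a QtSingleApplication artifact and is a weak indicator if copied verbatim into a detection rule. In the upstream qtsingleapplication code the name is built as "qtsingleapp-" + the first six letters of the executable name + "-" + qChecksum (Qt's CRC-16) of the application id, which defaults to the lower-cased executable path, + "-" + the Windows session id; the checksum therefore changes with the profile path and the last segment with the logon session. The script below is an added example and is not code from the report, from Qt or from IdeaShare: it reproduces that naming scheme so a hunt rule can be anchored on the stable prefix and suffix instead of the checksum. It assumes this build keeps the default empty application id and the upstream checksum, which the report does not confirm; the PDB path places QtSingleApp.dll in a vendored third-party tree, and the lock file sits in the install directory rather than the temp path upstream uses, so the derived checksum for the reported path is printed for comparison rather than asserted.

```python
"""Reproduce the QtSingleApplication lock-file / QtLockedFile mutex name.
Added detection example for this report; not code from Joe Sandbox, Qt or IdeaShare."""
import re


def qchecksum(data: bytes) -> int:
    """Qt's qChecksum() (Qt::ChecksumIso3309): CRC-16 with polynomial 0x1021
    reflected (0x8408), initial value 0xFFFF, result complemented. This is the
    PPP FCS-16; the standard check value qchecksum(b"123456789") is 0x906E."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return ~crc & 0xFFFF


def qtsingleapp_socket_name(app_path: str, session_id: int, app_id: str = "") -> str:
    """Mirror of the upstream QtLocalPeer constructor (qtlocalpeer.cpp).

    With an empty app_id the id is the executable path as Qt reports it
    ('/' separators, lower-cased on Windows) and the prefix is its file name;
    otherwise both are app_id. Non-letters are stripped from the prefix, which
    is cut to 6 characters, then the CRC-16 of the id and the Windows session
    id are appended in lower-case hex without padding.
    """
    ident = prefix = app_id
    if not ident:
        ident = app_path.replace("\\", "/").lower()
        prefix = ident.rsplit("/", 1)[-1]
    prefix = re.sub(r"[^a-zA-Z]", "", prefix)[:6]
    return f"qtsingleapp-{prefix}-{qchecksum(ident.encode('utf-8')):x}-{session_id:x}"


def qtlockedfile_mutex(lock_dir: str, socket_name: str) -> str:
    """QtLockedFile on Windows names its mutex 'QtLockedFile mutex ' + lock file path.
    Upstream puts the lock file in QDir::tempPath(); this build used the install dir."""
    return f"QtLockedFile mutex {lock_dir.rstrip('/')}/{socket_name}-lockfile"


# Hunt on the stable parts only: the checksum segment depends on the profile
# path, the last segment on the logon session.
IDEASHARE_LOCK_RE = re.compile(
    r"^QtLockedFile mutex .*/qtsingleapp-ideash-[0-9a-f]{1,4}-[0-9a-f]+-lockfile$")


def is_ideashare_lock(mutex_name: str) -> bool:
    return IDEASHARE_LOCK_RE.match(mutex_name) is not None


# Mutex name as recorded in the report above.
REPORTED = ("QtLockedFile mutex c:/users/user/appdata/local/ideasharekey/"
            "qtsingleapp-ideash-193a-1-lockfile")

if __name__ == "__main__":
    for user in ("user", "alice"):  # 'alice' is a constructed second profile
        exe = rf"C:\Users\{user}\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe"
        name = qtsingleapp_socket_name(exe, session_id=1)
        print(qtlockedfile_mutex(f"c:/users/{user}/appdata/local/ideasharekey", name))
    print("reported name matches hunt pattern:", is_ideashare_lock(REPORTED))
```

Run it for two user names and the checksum segment differs while "qtsingleapp-ideash-" and "-lockfile" stay fixed; a Sysmon or EDR rule on mutex creation should therefore match the pattern in IDEASHARE_LOCK_RE (or, for an allow-list, the full name derived per host) rather than the literal "193a".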
Source: IdeaShare Key.exe | Static file information: File size 6338072 > 1048576
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011C100A push ecx; ret
Source: IdeaShareKeyForm.exe.0.dr | Static PE information: section name: .00cfg
Source: qwindows.dll.0.dr | Static PE information: section name: .qtmetad
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00406320 GetModuleHandleA,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | API coverage: 7.8 %
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: wsprintfA,lstrcatA,GetAdaptersInfo,GetAdaptersInfo,StrStrIA,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004077D3 lstrcatA,GetSystemInfo,GlobalMemoryStatusEx,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,QueryPerformanceFrequency,wsprintfA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,wsprintfA,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_004062F9 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00402E3C FindFirstFileW,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00406CAF DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Source: IdeaShare Key.exe | Binary or memory string: %d,%d,%d,%d,%d,%dkernel32.dllGetProductInfovmware%u,%u,%uc:\%d,%d,%d,%u~MHzHARDWARE\DESCRIPTION\System\CentralProcessor\0\%u,%u,%u,%u,%s
Source: IdeaShare Key.exe | Binary or memory string: vmware
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: IdeaShareKeyForm.exe, 00000001.00000002.363356725.000000006C7F5000.00000008.00000001.01000000.00000008.sdmp | Binary or memory string: cl.?AVQEmulationPaintEngine@@L
Source: IdeaShare Key.exe | Binary or memory string: vmCih
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363356725.000000006C7F5000.00000008.00000001.01000000.00000008.sdmp | Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011CBAD4 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00406320 GetModuleHandleA,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011CB2B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011CBAD4 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011C1415 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Queries volume information: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll VolumeInformation
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011CB8C5 cpuid
Source: C:\Users\user\Desktop\IdeaShare Key.exe | Code function: 0_2_00406820 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | Code function: 1_2_011CBE0B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
MITRE ATT&CK matrix (techniques grouped by tactic; a number in parentheses is the count of matching signatures):

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
Execution: Native API (1), Scheduled Task/Job, At (Linux), At (Windows), Cron
Persistence: DLL Search Order Hijacking (2), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script
Privilege Escalation: Process Injection (1), DLL Search Order Hijacking (2), Logon Script (Windows), Logon Script (Mac), Network Logon Script
Defense Evasion: Masquerading (1), Process Injection (1), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Search Order Hijacking (2)
Credential Access: Input Capture (21), LSASS Memory, Security Account Manager, NTDS, LSA Secrets
Discovery: System Time Discovery (1), Security Software Discovery (11), System Network Configuration Discovery (1), File and Directory Discovery (2), System Information Discovery (25)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
Collection: Input Capture (21), Archive Collected Data (11), Clipboard Data (1), Input Capture, Keylogging
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer, Data Transfer Size Limits
Command and Control: Encrypted Channel (1), Ingress Tool Transfer (1), Steganography, Protocol Impersonation, Fallback Channels
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap, Manipulate Device Communication
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud, Manipulate App Store Rankings or Ratings
Impact: System Shutdown/Reboot (1), Device Lockout, Delete Device Data