Source: xx.scr.exe |
ReversingLabs: Detection: 13% |
Source: xx.scr.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: xx.scr.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: xx.scr.exe |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0078C4A8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, |
0_2_0078C4A8 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0079E560 SendDlgItemMessageW,EndDialog,GetDlgItem,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, |
0_2_0079E560 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007AD998 FindFirstFileExA, |
0_2_007AD998 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00787FD3: _wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, |
0_2_00787FD3 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0078F963 |
0_2_0078F963 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00783AB7 |
0_2_00783AB7 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007B4044 |
0_2_007B4044 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007960F7 |
0_2_007960F7 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00792125 |
0_2_00792125 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00799111 |
0_2_00799111 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007982D0 |
0_2_007982D0 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0078E394 |
0_2_0078E394 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00791476 |
0_2_00791476 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00796445 |
0_2_00796445 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0079976F |
0_2_0079976F |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A7738 |
0_2_007A7738 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A7967 |
0_2_007A7967 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00790949 |
0_2_00790949 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00789906 |
0_2_00789906 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0079EA07 |
0_2_0079EA07 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007AFA90 |
0_2_007AFA90 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00798C7E |
0_2_00798C7E |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00784C6E |
0_2_00784C6E |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00795E86 |
0_2_00795E86 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007AFF3E |
0_2_007AFF3E |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00782FCB |
0_2_00782FCB |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00790FAC |
0_2_00790FAC |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: String function: 007A1590 appears 57 times |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: String function: 007A1D60 appears 31 times |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: api-ms-win-core-fibers-l1-1-1.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: api-ms-win-core-localization-l1-2-1.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: dxgidebug.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\xx.scr.exe |
Section loaded: wintypes.dll |
Source: classification engine |
Classification label: sus36.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_00787BFF GetLastError,FormatMessageW, |
0_2_00787BFF |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0079C652 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, |
0_2_0079C652 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Command line argument: sfxname |
0_2_007A037C |
Source: C:\Users\user\Desktop\xx.scr.exe |
Command line argument: sfxstime |
0_2_007A037C |
Source: C:\Users\user\Desktop\xx.scr.exe |
Command line argument: pP| |
0_2_007A037C |
Source: C:\Users\user\Desktop\xx.scr.exe |
Command line argument: STARTDLG |
0_2_007A037C |
Source: C:\Users\user\Desktop\xx.scr.exe |
Command line argument: >G{ |
0_2_007B4690 |
Source: xx.scr.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\xx.scr.exe |
File read: C:\Windows\win.ini |
Source: C:\Users\user\Desktop\xx.scr.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\xx.scr.exe |
File read: C:\Users\user\Desktop\xx.scr.exe |
Source: C:\Users\user\Desktop\xx.scr.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Automated click: OK |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: xx.scr.exe |
Static file information: File size 3755246 > 1048576 |
Source: xx.scr.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: xx.scr.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: xx.scr.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: xx.scr.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: xx.scr.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: xx.scr.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: xx.scr.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: xx.scr.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: xx.scr.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: xx.scr.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: xx.scr.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: xx.scr.exe |
Static PE information: section name: .didat |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A125A push ecx; ret |
0_2_007A126D |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A1DB0 push ecx; ret |
0_2_007A1DC3 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A0B80 VirtualQuery,GetSystemInfo, |
0_2_007A0B80 |
Source: C:\Users\user\Desktop\xx.scr.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A647F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_007A647F |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007AA640 mov eax, dword ptr fs:[00000030h] |
0_2_007AA640 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007AE680 GetProcessHeap, |
0_2_007AE680 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A215D SetUnhandledExceptionFilter, |
0_2_007A215D |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A12D7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_007A12D7 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A1FCA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_007A1FCA |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007927A9 cpuid |
0_2_007927A9 |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0079D0AB GetLocaleInfoW,GetNumberFormatW, |
0_2_0079D0AB |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_007A037C GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle, |
0_2_007A037C |
Source: C:\Users\user\Desktop\xx.scr.exe |
Code function: 0_2_0078D076 GetVersionExW, |
0_2_0078D076 |