Source: uRL6wUtNbn.exe | virustotal: Detection: 74% |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00406773 push 86005701h; ret | 1_2_00406778 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_0040633C pushad ; ret | 1_2_0040634B |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00403177 push eax; ret | 1_2_00403194 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00401000 push eax; retf | 1_2_00401078 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00406060 push 0000000Fh; ret | 1_2_0040606B |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00401741 push edi; iretd | 1_2_004017B3 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_0040491A push ecx; retn 0000h | 1_2_00404941 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00405347 push 00000057h; ret | 1_2_00405377 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_00401036 push eax; retf | 1_2_00401078 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Code function: 1_2_004048CC push ecx; ret | 1_2_004048DC |
Source: classification engine | Classification label: mal48.winEXE@1/0@0/0 |
Source: uRL6wUtNbn.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: uRL6wUtNbn.exe | Binary or memory string: Progman |
Source: uRL6wUtNbn.exe | Binary or memory string: Program Manager |
Source: uRL6wUtNbn.exe | Binary or memory string: Shell_TrayWnd |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Process queried: DebugPort |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe | Thread delayed: delay time: 30000 |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe TID: 3444 | Thread sleep time: -600s >= -60s |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe TID: 3436 | Thread sleep time: -30000s >= -60s |
Source: C:\Users\user\Desktop\uRL6wUtNbn.exe TID: 3444 | Thread sleep time: -100s >= -60s |