NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Source: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Code function: 25_2_00602CBA _EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,
Code function: 25_2_0041D4A0 FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Code function: 25_2_0040E230 FindFirstFileW,FindNextFileW,FindClose,
Code function: 25_2_005B2C60 RegQueryValueExW,FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,FindNextFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Source: C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
Code function: 9_2_0040A614 GetDlgItem,ShowWindow,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,FindClose,CreateThread,GetLastError,
Code function: 9_2_0040EA21 wsprintfW,wsprintfW,FindFirstFileW,GetMessageW,FindNextFileW,FindNextFileW,FindNextFileW,wsprintfW,wsprintfW,FindClose,RemoveDirectoryW,
Code function: 9_2_0040822B _EH_prolog,memset,FindFirstFileW,memset,FindNextFileW,FindClose,
Code function: 9_2_0040B769 GetDlgItem,SendMessageW,SHGetMalloc,SHBrowseForFolderW,wcscpy,wcschr,WideCharToMultiByte,MultiByteToWideChar,wcscmp,GetVersionExW,RegOpenKeyExW,RegOpenKeyExW,RegQueryValueExW,wcslen,_wcsnicmp,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,wcslen,_wcsnicmp,RegCloseKey,wcslen,wsprintfW,wsprintfW,wsprintfW,MessageBoxW,wcscpy,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,FindClose,wsprintfW,GetFileAttributesW,RegOpenKeyExW,RegQueryValueExW,wcschr,wcsrchr,lstrcmpiW,RegCloseKey,MessageBoxW,wsprintfW,MessageBoxW,RegCloseKey,FindClose,GetDlgItem,SendMessageW,
Code function: 9_2_0040DF6C memset,memset,SHGetSpecialFolderLocation,SHGetSpecialFolderLocation,SHGetPathFromIDListW,SHGetPathFromIDListW,wcscat,SHGetSpecialFolderLocation,SHGetPathFromIDListW,wcscat,wsprintfW,DeleteFileW,FindFirstFileW,wcslen,FindFirstFileW,wcslen,FindNextFileW,FindNextFileW,wcslen,wsprintfW,GetFileAttributesW,wsprintfW,wsprintfW,DeleteFileW,wsprintfW,DeleteFileW,wsprintfW,DeleteFileW,wsprintfW,DeleteFileW,wsprintfW,DeleteFileW,wsprintfW,DeleteFileW,RemoveDirectoryW,FindClose,
Code function: 9_2_00405771 wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,wsprintfW,FindClose,RemoveDirectoryW,PostQuitMessage,
30.10.exe
Code function: 0_2_00406436 FindFirstFileW,FindClose,
Code function: 0_2_00406DFC DeleteFileW,CloseHandle,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Code function: 0_2_00402E18 FindFirstFileW,
Code function: 2_2_00406436 FindFirstFileW,FindClose,
Code function: 2_2_00406DFC DeleteFileW,CloseHandle,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Code function: 2_2_00402E18 FindFirstFileW,
Source: C:\Users\user\Desktop\Internet.
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Contains functionality to enumerate / list files inside a directory
starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "-")
Launch the sample with the 'Check if internet explorer is infected by malware' cookbook
Sample installs a Browser Helper Object (BHO), but no browser is started.
Sample has installed a browser extension but no browser has been started, analyze it with the 'Check if internet explorer is infected by malware' cookbook
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox