Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_IA T is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_LO AD_CONFIG is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_BA SERELOC is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_RE SOURCE is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_IM PORT is in. PE file contains a valid data directory to section mapping Static PE information: DYNAMIC_BA SE, NX_COM PAT
![potplayer malware potplayer malware](https://threatinfo.net/screens/screen-4c460992bb38b3c7105b91421f57f2c1.png)
Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe 'C:\ Users\user \Desktop\p otplayer.d ll',SetPot PlayRegKey WĬontains modern PE file flags such as dynamic base (ASLR) or NX Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe 'C:\ Users\user \Desktop\p otplayer.d ll',RunPot Player
![potplayer malware potplayer malware](https://fileswin.com/wp-content/uploads/2017/02/KMPlayer-Screen-2-640x360.png)
Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe 'C:\ Users\user \Desktop\p otplayer.d ll',Prepro cessCmdLin eExW Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe 'C:\ Users\user \Desktop\p otplayer.d ll',Destro yPotPlayer Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe 'C:\ Users\user \Desktop\p otplayer.d ll',Create PotPlayerE xW Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe C:\U sers\user\ Desktop\po tplayer.dl l,UninitPo tPlayer Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe C:\U sers\user\ Desktop\po tplayer.dl l,SetPotPl ayRegKeyW Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe C:\U sers\user\ Desktop\po tplayer.dl l,RunPotPl ayer Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe C:\U sers\user\ Desktop\po tplayer.dl l,Preproce ssCmdLineE xW Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe C:\U sers\user\ Desktop\po tplayer.dl l,DestroyP otPlayer Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe 'C: \Users\use r\Desktop\ potplayer. Process created: C:\Windows \SysWOW64\ cmd.exe cm d.exe /C r undll32.ex e 'C:\User s\user\Des ktop\potpl ayer.dll', #1
#Potplayer malware .exe#
exe loaddl l32.exe 'C :\Users\us er\Desktop \potplayer. Process created: C:\Windows \System32\ loaddll32. Process created: C:\Windows \SysWOW64\ rundll32.e xe rundll3 2.exe C:\U sers\user\ Desktop\po tplayer.dl l,CreatePo tPlayerExW Key opened: HKEY_CURRE NT_USER\So ftware\Pol icies\Micr osoft\Wind ows\Safer\ CodeIdenti fiers text IMAGE _SCN_MEM_E XECUTE, IM AGE_SCN_CN T_CODE, IM AGE_SCN_ME M_READ text section and no other executable section
![potplayer malware potplayer malware](https://images.sftcdn.net/images/t_app-cover-m,f_auto/p/3dbc09b1-993d-4038-8678-aea832d1fe06/183437516/potplayer-screenshot.png)
Static PE information: 32BIT_MACH INE, EXECU TABLE_IMAG E, DLLĬlassification label: mal48.evad files inside the user directoryįile created: C:\Users\u ser\AppDat a\Roaming\ microsoft\ network\ca che Source: C:\Windows \SysWOW64\ rundll32.e xeĬode function: 5_2_6D5918 D0 _memset ,_memset,_ memset,_me mset,_mems et,_memset ,_memset,_ memset,_me mset,_mems et,_memset ,_memset,G etLocalTim e,GetLocal Time,_mems et,swprint f,Sleep,_m emset,swpr intf,GetLo calTime,Sl eep,OpenCl ipboard,Ge tClipboard Data,Close Clipboard, GlobalLock ,_memset,_ mbstowcs_s ,_memset,s wprintf,Cl oseClipboa rd,_memset ,swprintf, _memset,sw printf,_me mset,swpri ntf,_memse t,_memset, GetLocalTi me,_wfsop en,GetLoca lTime,Ĭontains functionality to read the clipboard dataįound potential string decryption / allocating functionsĬode function: String fun ction: 6D5 95270 appe ars 34 tim es
![potplayer malware potplayer malware](https://fileswin.com/wp-content/uploads/2017/02/potplayer-scrrenshot-2-640x360.png)
Contains functionality for read data from the clipboard