Reply To: ArtPlus EasyNoter PRO / Aug 20 2018

#11924505
the kid
Guest

Detection Tab

2 engines detected this file
SHA-256 4c6648b6f95b03b2532175796aad162d21607c145fe70d3d7002511cc65e4a2e
File name ArtPlus EasyNoter PRO.exe
File size 7.51 MB
Last analysis 2018-08-20 15:13:03 UTC

TrendMicro-HouseCall >> Suspicious_GEN.F47V0815
VBA32 >> Trojan.Delf

Behavior Tab

File System Actions
Files Opened
C:\4c6648b6f95b03b2532175796aad162d21607c145fe70d3d7002511cc65e4a2e
C:\Documents and Settings\<USER>\Programs\tmp.tmp
\\.\PIPE\lsarpc
\\.\MountPointManager
C:\WINDOWS\Registration\R000000000007.clb
\\.\shadow
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\winsock.dll
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
Files Read
C:\WINDOWS\Registration\R000000000007.clb
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\winsock.dll
Files Written
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
Files Deleted
C:\Documents and Settings\<USER>\Programs\tmp.tmp

Process And Service Actions

Processes Created (Note – Processes Injected dwwin.exe)

C:\WINDOWS\system32\drwtsn32 -p 1228 -e 724 -g
Processes Injected
dwwin.exe

Synchronization Mechanisms

Mutexes Opened

ShimCacheMutex

Modules Loaded

Runtime DLLs
secur32.dll
userenv.dll
ole32.dll
riched20.dll
uxtheme.dll
setupapi.dll
rpcrt4.dll
apphelp.dll
clbcatq.dll
comctl32.dll

No Thanks!