File Name: SUMo.exe
SHA1: 02500af0d4768ceaaed6e8fdd5728590bd50fb88
MD5: bfcfc69d0d8fe63579a58bce9f2bfb8f
First Seen Date: 2017-03-22 22:03:12.483749
Number of Clients Seen: 3
Last Analysis Date: 2017-03-22 22:03:12.483749
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2017-03-22 22:03:12.483749 | Clean
Static Analysis Overall Verdict | 2017-03-22 22:03:12.483749 | No Threat Found
Dynamic Analysis Overall Verdict | 2017-03-22 22:03:12.483749 | No Threat Found
Static Analysis
Static Analysis Overall Verdict: No Threat Found
Detector | Result
---|---
Optional Header LoaderFlags field has an illegal value | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of Optional Header | Clean
Packer detection on signature database | Unknown
Section entropy check: file is possibly packed | Clean
Timestamp value suspicious | Suspicious
Header Checksum is zero | Clean
Entry point is outside the first (.code) section: binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean
Anti-VM present | Clean
Section SizeOfRawData has an illegal value: binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean

The timestamp check is the only detector that fires. The behavioral strings below include Software\Borland\Delphi\Locales, the VCL runtime's locale lookup, so the binary was built with Delphi, and classic Delphi linkers stamp every executable with the fixed link time 1992-06-19 22:22:17 UTC (0x2A425E19); that constant trips timestamp heuristics on its own and is not evidence of tampering. The "Unknown" result for the packer signature check is not a clean verdict; read it together with the entropy and entry-point checks, which are both clean here.
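The detector names above map onto simple checks over the PE headers. The following is an added example, not the sandbox's own code and not SUMo's: it assembles a constructed minimal PE32 image in memory (no real code inside; the checksum value is taken as given rather than computed) and runs checks named after the report's detectors. The packer signature lookup and the anti-VM string scan are left out, since both need a signature database the page does not show. The Delphi constant 0x2A425E19 is wired in as one trigger of the timestamp check; whether the real sample carries that exact value is not stated on the page.

```python
"""PE header heuristics of the kind the static-analysis detector table lists.

Added example, not the sandbox's own code. It assembles a constructed, minimal
PE32 image in memory (no real code inside) and runs checks named after the
report's detectors. Signature-database packer detection and anti-VM string
scanning are out of scope here.
"""
import math
import struct
import time
from collections import Counter

DELPHI_FIXED_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC, stamped by classic Delphi linkers
TLS_DIR = 9                          # index of the TLS entry in the data directory table
SECTION_FMT = "<8sIIIIIIHHI"         # IMAGE_SECTION_HEADER (40 bytes)


def build_pe(timestamp, checksum=0, entry_rva=0x1000, loader_flags=0, num_dirs=16,
             names=(b".text", b".data"), tls_rva=0, packed=False, raw_size=0x200):
    """Assemble a constructed PE32 file: DOS header, COFF header, optional header, two sections.

    The checksum is written as given (constructed), not computed over the image.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), timestamp, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0x200, 0x200, 0, entry_rva, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x4000, 0x400, checksum, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000,
                       loader_flags, num_dirs)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, TLS_DIR * 8, tls_rva, 0x18 if tls_rva else 0)
    sections = b"".join(
        struct.pack(SECTION_FMT, n.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1), raw_size,
                    0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020) for i, n in enumerate(names))
    headers = b"PE\0\0" + coff + opt + dirs + sections
    # .text: every byte value twice (entropy 8.0) to mimic packing, else a NOP sled (entropy 0)
    text = bytes(range(256)) * 2 if packed else b"\x90" * 0x200
    return bytes(dos) + headers.ljust(0x400 - 64, b"\0") + text + b"\0" * 0x200


def entropy(data):
    """Shannon entropy in bits per byte; 8.0 is the maximum."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())


def analyze(pe, now=None):
    """Return {detector: fired?} for a PE32 image in memory, mirroring the report's table."""
    now = time.time() if now is None else now
    pe_off = struct.unpack_from("<I", pe, 60)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    opt = pe_off + 24                      # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from("<H", pe, opt)
    entry, = struct.unpack_from("<I", pe, opt + 16)
    checksum, = struct.unpack_from("<I", pe, opt + 64)
    loader_flags, num_dirs = struct.unpack_from("<II", pe, opt + 88)
    tls_rva, = struct.unpack_from("<I", pe, opt + 96 + TLS_DIR * 8)
    secs = [struct.unpack_from(SECTION_FMT, pe, opt + opt_size + 40 * i) for i in range(nsec)]
    names = [s[0].rstrip(b"\0") for s in secs]
    _, vsize, va, rawsize, _ = secs[0][:5]
    return {
        "loader_flags_illegal": loader_flags != 0,
        "bad_section_name": any(n == b"" or not n.isascii() for n in names),
        "optional_header_size_illegal": opt_size != {0x10B: 224, 0x20B: 240}.get(magic),
        "possibly_packed_entropy": any(entropy(pe[s[4]:s[4] + s[3]]) > 7.0 for s in secs),
        # zero, in the future, or the fixed Delphi constant (one plausible cause of the report's hit)
        "timestamp_suspicious": ts == 0 or ts > now + 86400 or ts == DELPHI_FIXED_TIMESTAMP,
        "checksum_zero": checksum == 0,
        "entry_outside_first_section": not (va <= entry < va + max(vsize, rawsize)),
        "num_rva_and_sizes_illegal": num_dirs != 16,
        "raw_size_illegal": any(s[4] + s[3] > len(pe) for s in secs),
        "tls_callbacks": tls_rva != 0,
    }


if __name__ == "__main__":
    # Profile shaped like the report: non-zero checksum, sane layout, Delphi timestamp
    for name, hit in analyze(build_pe(DELPHI_FIXED_TIMESTAMP, checksum=0x1234)).items():
        print(f"{name:30} {'Suspicious' if hit else 'Clean'}")
```

Run as a script, the constructed profile (non-zero checksum, sane layout, Delphi timestamp) yields a table in which only the timestamp row is suspicious, matching the shape of the report. `analyze` reads fields at PE32 offsets, so feeding it a PE32+ (64-bit) file would misparse everything after ImageBase; handling that needs the 240-byte optional header and the data directory at offset 112.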
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found
Suspicious Behaviors
Opens a file in a system directory (the only flagged behavior; the C:\Windows paths in the list below are the matching artifacts)
Behavioral Information (artifacts the sandbox recorded during execution: file and device paths, registry keys and value names, a mutex, and module names, listed without category labels)
C:\SUMo.exe
C:\Windows\syswow64\kernel32.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
Win31FileSystem
Width
Maximized
Disable
DataFilePath
Plane1
Plane2
Plane3
Plane4
Plane5
Plane6
Plane7
Plane8
Plane9
Plane10
Plane11
Plane12
Plane13
Plane14
Plane15
Plane16
lng
Name
Pass
MinSysTray
DisableLightDark
ShowFilePath
uid
DebugLog
DisplayName
STAT_NbRun
STAT_NbExport
STAT_NbCheckLicence
STAT_NbCheckLicenceAlt
STAT_NbCheckLicenceOK
STAT_NbCheckLicenceKO
STAT_NbCheckLicenceNOT
STAT_NbDrivers
STAT_MainNbCheck
STAT_MainNbOnline
STAT_AltNbCheck
STAT_AltNbOnline
STAT_NonValidLicDetected
STAT_NagDisplay
STAT_DegradedMode
HTTPProxyPort
HTTPProxyUserName
HTTPProxyPassword
HTTPProxyHost
UseHTTPProxy
CurVersion
SOFTWARE\KC Softwares\SUMo
SOFTWARE\KC Softwares
C:\Windows\Fonts\staticcache.dat
C:\
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\Users\desktop.ini
C:\Users
C:\Users\win7
C:\Users\win7\AppData
C:\Users\win7\AppData\Roaming\KC Softwares\SUMo\SUMo.log
\\.\PIPE\wkssvc
C:\Users\win7\AppData\Roaming\KC Softwares\SUMo\SUMo.cache
\\.\Nsi
C:\Users\win7\AppData\Roaming\KC Softwares\SUMo\HnGUztjMWg
Software\Borland\Locales
Software\Borland\Delphi\Locales
SYSTEM\CurrentControlSet\Control\FileSystem
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
MS Sans Serif
Software\KC Softwares\SUMo
SOFTWARE\KC Softwares
SOFTWARE\KC Softwares\SUMo
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C3}\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\
<NULL>
Local\MSCTF.Asm.MutexDefault1
C:\SUMo.ENU
C:\SUMo.EN
msi.dll
uxtheme.dll
comctl32.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
kernel32.dll
ADVAPI32.dll
UxTheme.dll
IMM32.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
C:\SUMo.exe
shell32.dll
ntdll.dll
ole32.dll
propsys.dll
ntmarta.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
SHELL32.dll
cscapi.dll
wsock32.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
WS2_32.dll
OLEAUT32.DLL
C:\Users\win7\AppData\Roaming\KC Softwares\SUMo\HnGUztjMWg
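The flat list above becomes usable for triage once each string is assigned a kind from its syntax and the report's behavior rule is written as a predicate. The following is an added example, not the sandbox's code: the input is a constructed subset of the strings listed above, the kind names and rule names are this example's own, and the %USERPROFILE% normalization is a convention chosen here for sharing indicators between hosts, not anything the report does. The VirtualBox Guest Additions rule only records that walking the Uninstall key inside a VirtualBox sandbox necessarily touches that entry; the report's own anti-VM detector is clean.

```python
"""Triage of the behavioural artefact list above.

Added example, not the sandbox's own code. The artefact strings are a constructed
subset copied from the report; the kinds, rule names and the %USERPROFILE%
normalisation are this example's own and approximate the report's
"Suspicious Behaviors" logic rather than reproduce it.
"""
import re
from collections import Counter, defaultdict

# Constructed input: a subset of the strings listed under Behavioral Information.
SAMPLE_ARTIFACTS = [
    "C:\\SUMo.exe",
    "C:\\Windows\\syswow64\\kernel32.dll",
    "C:\\Windows\\Fonts\\staticcache.dat",
    "C:\\Users\\win7\\AppData\\Roaming\\KC Softwares\\SUMo\\SUMo.log",
    "C:\\Users\\win7\\AppData\\Roaming\\KC Softwares\\SUMo\\HnGUztjMWg",
    "\\\\.\\PIPE\\wkssvc",
    "\\\\.\\Nsi",
    "SOFTWARE\\KC Softwares\\SUMo",
    "Software\\Borland\\Delphi\\Locales",
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Oracle VM VirtualBox Guest Additions\\",
    "Local\\MSCTF.Asm.MutexDefault1",
    "wsock32.dll",
    "WS2_32.dll",
    "HTTPProxyPassword",
    "<NULL>",
]

SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+", re.I)

# Each rule takes (kind, artefact) and says whether the artefact contributes to that behaviour.
RULES = {
    "opens_file_in_system_directory": lambda k, s: k == "file" and bool(SYSTEM_DIR.match(s)),
    "enumerates_installed_software": lambda k, s: k == "registry" and "\\currentversion\\uninstall" in s.lower(),
    # Incidental to walking the Uninstall key inside a VirtualBox sandbox; not an anti-VM check by itself
    "touches_vm_guest_additions_key": lambda k, s: k == "registry" and "virtualbox guest additions" in s.lower(),
    "opens_named_pipe_or_device": lambda k, s: k == "device_or_pipe",
    "uses_user_profile_data": lambda k, s: k == "file" and "\\appdata\\" in s.lower(),
}


def classify(item):
    """Assign a coarse kind from the string's syntax alone (order matters: paths before modules)."""
    if item.startswith("\\\\.\\"):
        return "device_or_pipe"
    if re.match(r"^[a-z]:\\", item, re.I):
        return "file"
    if re.match(r"^(Local|Global)\\", item):
        return "mutex"
    if re.match(r"^(HK[A-Z_]+\\)?(SOFTWARE|SYSTEM)\\", item, re.I):
        return "registry"
    if item.lower().endswith(".dll") and "\\" not in item:
        return "module"
    return "value"


def normalize(item):
    """Replace the sandbox user's profile directory so the indicator is shareable across hosts."""
    return USER_PROFILE.sub("%USERPROFILE%", item)


def triage(artifacts):
    """Count artefacts per kind and collect the normalised artefacts each rule fires on."""
    kinds = Counter()
    hits = defaultdict(list)
    for raw in artifacts:
        kind = classify(raw)
        kinds[kind] += 1
        for rule, fires in RULES.items():
            if fires(kind, raw):
                hits[rule].append(normalize(raw))
    return dict(kinds), dict(hits)


if __name__ == "__main__":
    kinds, hits = triage(SAMPLE_ARTIFACTS)
    print("artefacts by kind:", kinds)
    for rule, items in hits.items():
        print(f"\n{rule} ({len(items)}):")
        for item in items:
            print("   ", item)
```

On the subset above the system-directory rule fires on the two C:\Windows paths, which is the behavior the report flags; the Uninstall-key rule fires on both Uninstall entries, consistent with a software update monitor inventorying installed products. Registry value names such as HTTPProxyPassword fall into the catch-all "value" kind because the list carries no parent key for them.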
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value
---|---
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---