|
Analyzing...
|
File Name: -OEM10.exe
SHA1: 0380169bedeab35bc0d74fff3196447f675ac6cb
MD5: 2e0c3a8b0fc49cb4e932663f011859b8
First Seen Date: 2017-01-08 14:45:38.766767 ( )
Number of Clients Seen: 6
Last Analysis Date: 2017-01-08 14:45:38.766767 ( )
Human Expert Analysis Date: 2017-01-13 01:28:16.093626 ( )Human Expert Analysis Result: Malware
Analysis Summary
| Analysis Type | Date | Verdict | |
|---|---|---|---|
| Signature Based Detection | 2017-01-08 14:45:38.766767 | Malware | |
| Static Analysis Overall Verdict | 2017-01-08 14:45:38.766767 | Highly Suspicious | |
| Dynamic Analysis Overall Verdict | 2017-01-08 14:45:38.766767 | No Threat Found | help |
| Human Expert Analysis Overall Verdict | 2017-01-13 01:28:16.093626 | Malware | |
Static Analysis
| Static Analysis Overall Verdict | Result |
|---|---|
| Highly Suspicious |
| Detector | Result | |
|---|---|---|
| Optional Header LoaderFlags field is valued illegal | Clean | |
| Non-ascii or empty section names detected | Clean | |
| Illegal size of optional Header | Clean | |
| Packer detection on signature database | Unknown | help |
| Based on the sections entropy check! file is possibly packed | Suspicious | |
| Timestamp value suspicious | Clean | |
| Header Checksum is zero! | Clean | |
| Enrty point is outside the 1st(.code) section! Binary is possibly packed | Suspicious | |
| Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
| Anti-vm present | Suspicious | |
| The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
| TLS callback functions array detected | Clean | |
Dynamic Analysis
| Dynamic Analysis Overall Verdict | Result |
|---|---|
| No Threat Found | help |
| Suspicious Behaviors | |
|---|---|
| Opens a file in a system directory | |
Behavioral Information
C:\-OEM10.exe
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
Disable
DataFilePath
Plane1
Plane2
Plane3
Plane4
Plane5
Plane6
Plane7
Plane8
Plane9
Plane10
Plane11
Plane12
Plane13
Plane14
Plane15
Plane16
C:\Windows\Fonts\staticcache.dat
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
Tahoma
Local\MSCTF.Asm.MutexDefault1
USER32.dll
WINSTA.dll
ADVAPI32.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
RPCRT4.dll
comctl32.dll
UxTheme.dll
imageres.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
OLEAUT32.DLL
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2017-01-13 00:45:52.711656 ( )
Analysis End Date: 2017-01-13 01:28:16.093626 ( )
File Upload Date: 2017-01-08 14:45:38.919591 ( )
Update Date: 2017-01-18 05:01:19.081354 ( )
Human Expert Analyst Feedback: Trojan.Win32.HackTool
Verdict: Malware
Malware Family: Trojan.Win32.HackTool
Malware Type: Trojan Generic
Additional File Information
| Property | Value |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|