File Name:   FreeOCRtoWord.exe
SHA1:   0de32d8aa4d39843b9700f1b0d329e7d66d7a08a
MD5:   db8ca05c746c200d117bf1286d99883d
First Seen Date:  2017-08-04 21:35:30.879163
Number of Clients Seen:   4
Last Analysis Date:  2017-08-04 21:35:30.879163
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2017-08-04 21:35:30.879163 | Malware |
Static Analysis Overall Verdict | 2017-08-04 21:35:30.879163 | No Threat Found |
Dynamic Analysis Overall Verdict | 2017-08-04 21:35:30.879163 | No Threat Found |
Precise Detectors Overall Verdict | 2017-08-04 21:35:30.879163 | No Match |
Static Analysis
Static Analysis Overall Verdict |
---|
No Threat Found |
Detector | Result |
---|---|
Optional Header LoaderFlags field is valued illegal | Clean |
Non-ascii or empty section names detected | Clean |
Illegal size of optional Header | Clean |
Packer detection on signature database | Unknown |
Based on the sections entropy check! file is possibly packed | Clean |
Timestamp value suspicious | Clean |
Header Checksum is zero! | Clean |
Entry point is outside the 1st(.code) section! Binary is possibly packed | Suspicious |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean |
Anti-vm present | Clean |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict |
---|
No Threat Found |
Suspicious Behaviors |
---|
Opens a file in a system directory |
Uses a function clandestinely |
Behavioral Information
{"lDistanceToMove": "29996", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "18fb38", "hFile": "160"}
{"lDistanceToMove": "11839a", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "18fb38", "hFile": "160"}
{"lDistanceToMove": "0", "dwMoveMethod": "1", "lpDistanceToMoveHigh": "18fe14", "hFile": "120"}
{"lDistanceToMove": "0", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "17f97c", "hFile": "158"}
{"lDistanceToMove": "1e600", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "17f988", "hFile": "224"}
{"lDistanceToMove": "0", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "17f97c", "hFile": "224"}
{"lDistanceToMove": "0", "dwMoveMethod": "1", "lpDistanceToMoveHigh": "18fe1c", "hFile": "120"}
{"lDistanceToMove": "13535d", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "18fe04", "hFile": "120"}
{"lDistanceToMove": "135294", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "18fe04", "hFile": "120"}
{"lDistanceToMove": "12d2d8", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "18fe20", "hFile": "120"}
{"lDistanceToMove": "eea00", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "17f988", "hFile": "158"}
{"lDistanceToMove": "1da00", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "18fb38", "hFile": "160"}
{"lDistanceToMove": "32200", "dwMoveMethod": "0", "lpDistanceToMoveHigh": "17f988", "hFile": "158"}
150
328
12c
32c
2b8
2c4
158
2b4
2b0
120
15c
238
240
278
100
2bc
294
C:\Users\win7\AppData\Local\Temp\is-UVDEO.tmp\FreeOCRtoWord.tmp
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\itdownload.dll
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\uwIknPJtj.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
reeOCRtoWord
reeocrtoword
DnsCacheEntries
DisableKeepAlive
CacheMode
ProxyHttp1.1
DisableBasicOverClearChannel
WaitToKillServiceTimeout
DisableBranchCache
ScavengeCacheLowerBound
CertCacheNoValidate
IdnEnabled
LeashLegacyCookies
Plane16
MaxConnectionsPer1_0Server
Plane14
Plane15
Plane12
Plane13
Plane10
Plane11
MaxConnectionsPerProxy
DnsCacheTimeout
UseFirstAvailable
FrameMerging
SendTimeOut
ProxyOverride
WpadSearchAllDomains
DefaultConnectionSettings
Plane4
Plane5
Plane6
Plane7
BadProxyExpiresTime
Plane2
Plane3
HttpDefaultExpiryTimeSecs
FromCacheTimeout
Plane8
Plane9
ProxyEnable
RegisteredOrganization
SendExtraCRLF
DisableNTLMPreAuth
ShareCredsWithWinHttp
SocketSendBufferLength
ReceiveTimeOut
WarnOnPost
EnforceP3PValidity
ServerInfoTimeout
ConnectTimeOut
CommonFilesDir
AlwaysDrainOnRedirect
WarnOnZoneCrossing
DontUseDNSLoadBalancing
EnableSpdyDebugAsserts
SecureProtocols
WarnAlwaysOnPost
AutoConfigURL
WpadOverride
PreConnectLimit
SavedLegacySettings
MaxConnectionsPerServer
TcpAutotuning
TabProcGrowth
EnableNegotiate
WarnOnBadCertRecving
EnableHttp1_1
SocketReceiveBufferLength
ClientAuthBuiltInUI
FtpDefaultExpiryTimeSecs
ScavengeCacheFileLimit
SyncMode5
CombineFalseStartData
Plane1
DnsCacheEnabled
DisableReadRange
DisableFalseStartBlocklist
ConnectRetries
SqmHttpStreamRandomUploadPoolSize
WarnOnPostRedirect
MS Shell Dlg 2
Disable
FrameTabWindow
MaxHttpRedirects
DataFilePath
AutoDetect
SystemSetupInProgress
AutoProxyDetectType
SessionMerging
RegisteredOwner
ScavengeCacheFileLifeTime
FEATURE_CLIENTAUTHCERTFILTER
KeepAliveTimeout
WarnOnHTTPSToHTTPRedirect
PreResolveLimit
ProgramFilesDir
ProxyServer
DuoProtocols
AdminTabProcs
{"Reserved": "0", "hKey": "15c", "lpData": "2b7e88", "dwType": "3", "lpValueName": "SessionHash", "cbData": "20"}
{"Reserved": "0", "hKey": "328", "lpData": "2f68d0", "dwType": "3", "lpValueName": "SavedLegacySettings", "cbData": "b8"}
{"Reserved": "0", "hKey": "32c", "lpData": "18dd28", "dwType": "4", "lpValueName": "ProxyEnable", "cbData": "4"}
{"Reserved": "0", "hKey": "15c", "lpData": "2b8628", "dwType": "3", "lpValueName": "Owner", "cbData": "c"}
{"Reserved": "0", "hKey": "158", "lpData": "18fdc4", "dwType": "4", "lpValueName": "Sequence", "cbData": "4"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "18fd98", "dwOptions": "1", "lpClass": "<NULL>", "phkResult": "18fd9c", "lpSubKey": "Software\\Microsoft\\RestartManager\\Session0000"}
{"h_key": "80000001", "samDesired": "2", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "18dccc", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "18dd10", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "18dd30", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "18dd34", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "18dd2c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "18fd88", "dwOptions": "1", "lpClass": "<NULL>", "phkResult": "18fd8c", "lpSubKey": "Software\\Microsoft\\RestartManager\\Session0000"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "18fd68", "dwOptions": "1", "lpClass": "<NULL>", "phkResult": "18fd7c", "lpSubKey": "Software\\Microsoft\\RestartManager\\Session0000"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "18dc74", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "20006", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "18dd2c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "18dc0c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"dwCreationDisposition": "3", "path": "\\\\.\\Nsi", "dwDesiredAccess": "0", "dwShareMode": "3"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\is-5RCSK.tmp\\uwIknPJtj.dll", "dwDesiredAccess": "40000000", "dwShareMode": "0"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\is-5RCSK.tmp\\rkverify.exe", "dwDesiredAccess": "c0000000", "dwShareMode": "0"}
{"dwCreationDisposition": "3", "path": "C:\\FreeOCRtoWord.exe", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\is-5RCSK.tmp\\isxdl.dll", "dwDesiredAccess": "40000000", "dwShareMode": "0"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\is-5RCSK.tmp\\_isetup\\_setup64.tmp", "dwDesiredAccess": "c0000000", "dwShareMode": "0"}
{"dwCreationDisposition": "4", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\is-5RCSK.tmp\\itdownload.dll", "dwDesiredAccess": "40000000", "dwShareMode": "0"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Fonts\\staticcache.dat", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\RestartManager"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "RETRY_HEADERONLYPOST_ONCONNECTIONRESET"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\CurrentControlSet\\Control"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\Setup"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Borland\\Locales"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_MIME_HANDLING"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\CurrentControlSet\\Control\\Keyboard Layouts\\041F0409"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\CodeGear\\Locales"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "MS Sans Serif"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_SCH_SEND_AUX_RECORD_KB_2618444"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "Tahoma"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_HTTP_USERNAME_PASSWORD_DISABLE"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Free OCR to Word_is1"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Free OCR to Word_is1"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\CodeGear\\Locales"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_USE_CNAME_FOR_SPN_KB911149"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Borland\\Delphi\\Locales"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_INCLUDE_PORT_IN_SPN_KB908209"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Borland\\Locales"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_DIGEST_NO_EXTRAS_IN_URI"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\CurrentControlSet\\Control\\Keyboard Layouts\\04090409"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_BUFFERBREAKING_818408"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "290", "phkResult": "0", "lpSubKey": "FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608"}
Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511
Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
<NULL>
Local\MSCTF.Asm.MutexDefault1
DefaultTabtip-MainUI
{"nNumberOfBytesToWrite": "2200", "lpOverlapped": "0", "lpBuffer": "17f9c8", "lpNumberOfBytesWritten": "17f97c", "hFile": "158"}
{"nNumberOfBytesToWrite": "10000", "lpOverlapped": "0", "lpBuffer": "17f9c8", "lpNumberOfBytesWritten": "17f97c", "hFile": "158"}
{"nNumberOfBytesToWrite": "ea00", "lpOverlapped": "0", "lpBuffer": "17f9c8", "lpNumberOfBytesWritten": "17f97c", "hFile": "158"}
{"nNumberOfBytesToWrite": "10000", "lpOverlapped": "0", "lpBuffer": "17f9c8", "lpNumberOfBytesWritten": "17f97c", "hFile": "224"}
{"nNumberOfBytesToWrite": "1800", "lpOverlapped": "0", "lpBuffer": "520ba0", "lpNumberOfBytesWritten": "18fd54", "hFile": "12c"}
{"nNumberOfBytesToWrite": "e600", "lpOverlapped": "0", "lpBuffer": "17f9c8", "lpNumberOfBytesWritten": "17f97c", "hFile": "224"}
C:\Users\win7\AppData\Local\Temp\is-UVDEO.tmp\FreeOCRtoWord.ENU
C:\Users\win7\AppData\Local\Temp\is-UVDEO.tmp\FreeOCRtoWord.EN
imm32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\system32\shell32.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
ADVAPI32.dll
ole32.dll
comctl32.dll
C:\Windows\system32\shfolder.dll
C:\Windows\system32\Rstrtmgr.dll
C:\Windows\SysWOW64\bcryptprimitives.dll
user32.dll
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\itdownload.dll
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\itdownload.ENU
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\itdownload.EN
ws2_32.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
WS2_32.dll
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\isxdl.dll
wininet.dll
uxtheme.dll
UxTheme.dll
IMM32.dll
C:\Windows\system32\imageres.dll
C:\Windows\system32\shlwapi.dll
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\uwIknPJtj.dll
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\uwIknPJtj.ENU
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\uwIknPJtj.EN
kernel32
Secur32.dll
SHELL32.dll
api-ms-win-downlevel-advapi32-l2-1-0.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
winhttp.dll
IPHLPAPI.DLL
api-ms-win-downlevel-shlwapi-l2-1-0.dll
OLEAUT32.DLL
C:\Users\win7\AppData\Local\Temp\is-5RCSK.tmp\rkverify.exe
InternetReadFile
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason |
---|---|---|---|
Static Precise Adware Prepscram 1 | 2017-08-04 21:34:06.465929 | No Match | No match. |
Static Precise Trojan Cryptor Detector 1 | 2017-08-04 21:34:06.484440 | No Match | No match. |
Yara Rule Static Malware Detector | 2017-08-04 21:34:06.483308 | No Match | No match. |
Static Precise PUA Detector 1 | 2017-08-04 21:34:06.473417 | No Match | NotDetected |
Static Precise Virus Detector | 2017-08-04 21:34:06.482883 | No Match | NotDetected |
Static Precise Trojan Detector | 2017-08-04 21:34:06.492403 | No Match | NotDetected |
Static Precise PUA Detector 2 | 2017-08-04 21:34:06.498442 | No Match | No match. |
Static Precise PUA Detector 3 | 2017-08-04 21:34:06.503643 | No Match | No match. |
Static Precise Virus Hezhi Detector | 2017-08-04 21:34:06.523501 | No Match | No match. |
Ransomware Chunk Detector | 2017-08-04 21:34:13.007665 | No Match | No match. |
Static Precise Virus Detector 2 | 2017-08-04 21:34:06.504633 | No Match | NotDetected |
Static Precise Trojan Detector 2 | 2017-08-04 21:34:06.512749 | No Match | NotDetected |
Static Precise Trojan Detector 3 | 2017-08-04 21:34:06.524408 | No Match | NotDetected |
Static Precise Adware InstallCore Detector 1 | 2017-08-04 21:34:06.525184 | No Match | NotDetected |
Static Precise Trojan Generic Cryptor Detector 1 | 2017-08-04 21:34:06.532812 | No Match | NotDetected |
Malicious Url Detector | 2017-08-04 21:35:30.814874 | No Match | No match. |
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value |
---|---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|