File Name:   a2.exe
SHA1:   2c227a095d14dfc833e7fe22236342c275c7f601
MD5:   0da8d9500fb47ca5763747447645cb67
First Seen Date:  2017-02-17 20:02:16.960626
Number of Clients Seen:   4
Last Analysis Date:  2017-02-17 20:02:16.960626
Human Expert Analysis Date:  2017-02-23 16:47:59.758000
Human Expert Analysis Result:   Malware
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2017-02-17 20:02:16.960626 | Malware
Static Analysis Overall Verdict | 2017-02-17 20:02:16.960626 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2017-02-17 20:02:16.960626 | Highly Suspicious
Human Expert Analysis Overall Verdict | 2017-02-23 16:47:59.758000 | Malware
Static Analysis
Static Analysis Overall Verdict:   Highly Suspicious
Detector | Result
---|---
Optional Header LoaderFlags field has an illegal value | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of Optional Header | Clean
Packer detection on signature database | Unknown
Based on the section entropy check, file is possibly packed | Suspicious
Timestamp value suspicious | Clean
Header Checksum is zero | Clean
Entry point is outside the 1st (.code) section; binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean
Anti-VM present | Clean
SizeOfRawData has an illegal value; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Dynamic Analysis
Dynamic Analysis Overall Verdict:   Highly Suspicious
Suspicious Behaviors
---
Opens a file in a system directory
Uses a function clandestinely
Has no visible windows
Behavioral Information
C:\a2.exe
InstallDate
O72VxLtvOp
ProcessID
EnablePrivateObjectHeap
ContextLimit
ObjectLimit
IdentifierLimit
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\mshta.exe
c:\a2.exe
C:\Windows\system32\rsaenh.dll
Software\Borland\Locales
Software\Borland\Delphi\Locales
Software\Microsoft\Windows NT\CurrentVersion
software\
software\zB6YY2
software\ghcpxooxgh
software\zB6YY2\
Software\Microsoft\WBEM\CIMOM
imm32.dll
SspiCli.dll
kernel32.dll
user32.dll
advapi32.dll
oleaut32.dll
version.dll
gdi32.dll
wininet.dll
ole32.dll
wsock32.dll
winmm.dll
atl.dll
ntdll.dll
wtsapi32.dll
Wtsapi32.dll
PSAPI.DLL
shell32.dll
urlmon.dll
C:\a2.ENU
C:\a2.EN
Kernel32.dll
Shell32.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
ADVAPI32.dll
CRYPTBASE.dll
OLEAUT32.dll
OpenProcess
ReadProcessMemory
CreateRemoteThread
CreateProcessW
GetThreadContext
SetThreadContext
InternetReadFile
ShellExecuteExW
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2017-02-23 13:13:47.795403
Analysis End Date:  2017-02-23 16:47:59.758000
File Upload Date:  2017-02-17 20:02:17.103040
Update Date:  2017-02-23 16:47:59.764040
Human Expert Analyst Feedback:
Verdict:   Malware
Additional File Information
Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---