Analyzing...

File Name: spedizione_19875.exe

SHA1: 2f86625d3125b48e1b41281a8f2a8ba422ba845f

MD5: 08bfab7502442076dce5a1ec63c01385

First Seen Date: 2016-04-22 00:09:32.273081 ( 2016-04-22 00:09:32.273081 )

Number of Clients Seen: 6

Last Analysis Date: 2016-04-22 11:35:36.921165 ( 2016-04-22 11:35:36.921165 )

Human Expert Analysis Date: 2016-05-04 08:32:44.380354 ( 2016-05-04 08:32:44.380354 )

Human Expert Analysis Result: Malware

Analysis Summary

Analysis Type	Date	Verdict
Signature Based Detection	2016-04-22 11:35:36.921165	Malware
Static Analysis Overall Verdict	2016-04-22 11:35:36.921165	Highly Suspicious
Dynamic Analysis Overall Verdict	2016-04-22 11:35:36.921165	Highly Suspicious
Human Expert Analysis Overall Verdict	2016-05-04 08:32:44.380354	Malware

Static Analysis

Static Analysis Overall Verdict	Result
Highly Suspicious

Detector	Result
Optional Header LoaderFlags field is valued illegal	Clean
Non-ascii or empty section names detected	Clean
Illegal size of optional Header	Clean
Packer detection on signature database	Unknown
Based on the sections entropy check! file is possibly packed	Clean
Timestamp value suspicious	Clean
Header Checksum is zero!	Suspicious
Enrty point is outside the 1st(.code) section! Binary is possibly packed	Clean
Optional Header NumberOfRvaAndSizes field is valued illegal	Clean
Anti-vm present	Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger	Suspicious
TLS callback functions array detected	Clean

Anti-debug calls

FindWindowExA

Dynamic Analysis

Dynamic Analysis Overall Verdict	Result
Highly Suspicious

Suspicious Behaviors
Opens a file in a system directory

Behavioral Information

CreateMutex

<NULL>

CreateFile

C:\

C:\Windows

C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db

C:\sample

C:\Users\win7\AppData\Local\Temp\nswAE41.tmp

C:\Users\win7\AppData\Local\Temp\nsmAE52.tmp\System.dll

LoadLibrary

SHFOLDER

ole32.dll

comctl32.dll

ADVAPI32.dll

SHELL32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

propsys.dll

ntmarta.dll

C:\Users\win7\AppData\Local\Temp\nsmAE52.tmp\System.dll

hiccough

QueryFilePath

C:\sample

DeleteFile

C:\Users\win7\AppData\Local\Temp\nswAE40.tmp

C:\Users\win7\AppData\Local\Temp\nsmAE52.tmp

Precise Detectors Analysis Results

No Detector Result Received

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Human Expert Analysis Results

Analysis Start Date: 2016-05-04 04:31:12.276404 ( 2016-05-04 04:31:12.276404 )

Analysis End Date: 2016-05-04 08:32:44.380354 ( 2016-05-04 08:32:44.380354 )

File Upload Date: 2016-05-04 03:49:31.286297 ( 2016-05-04 03:49:31.286297 )

Update Date: 2016-05-04 08:32:44.380360 ( 2016-05-04 08:32:44.380360 )

Human Expert Analyst Feedback: Malware

Verdict: Malware

Malware Family: Trojan.Win32.FilecoderInjector

Malware Type: Trojan Generic

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property	Value

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5