Analyzing...
|
File Name:   1710281010_1.exe
SHA1:   39099f109a34b5b04dfc8f9860592c70efded246
MD5:   25e690f0936aa052603e9f57d49ffff2
First Seen Date:  2017-10-28 17:20:06.826278 ( )
Number of Clients Seen:   3
Last Analysis Date:  2017-10-28 17:20:06.826278 ( )
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2017-10-28 17:20:06.826278 | Malware | |
Static Analysis Overall Verdict | 2017-10-28 17:20:06.826278 | No Threat Found | help |
Precise Detectors Overall Verdict | 2017-10-28 17:20:06.826278 | No Match | help |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Clean | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Suspicious | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Packer detection on signature database
Microsoft Visual C# / Basic .NET
.NET executable
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Suspicious Behaviors | |
---|---|
Creates a child process | |
Creates file in a system directory | |
Writes to address space of another process | |
Uses a function clandestinely | |
Reads memory of another process | |
Opens a file in a system directory | |
Has no visible windows |
Behavioral Information
ConfigMask
DisableSecuritySettingsCheck
DisplayName
NoClientChecks
CLRLoadLogDir
ForceLog
MissingDependencies
System
System.Security
NIUsageMask
NIDependencies
SIG
LoggingLevel
System.Runtime.Serialization.Formatters.Soap
LogResourceBinds
OnlyUseLatestCLR
Status
DevOverrideEnable
System.Drawing
UseLegacyIdentityFormat
ILUsageMask
System.Xml
mscorlib
ILDependencies
FrameTabWindow
System.Web
System.Management
DisableMSIPeek
SystemSetupInProgress
LegacyPolicyTimeStamp
Microsoft.VisualBasic
EnablePunycode
di
LastModTime
Modules
CacheLocation
System.Configuration
System.Deployment
MVID
VersioningLog
LogFailures
DisableConfigCache
index1
TabProcGrowth
InstallRoot
Latest
LatestIndex
FrameMerging
CreateUriCacheSize
GCStressStart
GCStressStartAtJit
AdminTabProcs
System.Runtime.Remoting
EvalationData
SpecialFoldersCacheSize
System.Windows.Forms
DownloadCacheQuotaInKB
SessionMerging
ConfigString
EnableLog
Accessibility
RegCloseKey(b8)
RegCloseKey() -> 0
RegCloseKey(b4)
RegCloseKey(bc)
RegCloseKey(cc)
RegCloseKey(c8)
RegCloseKey(12c)
RegCloseKey(128)
RegCloseKey(184)
RegCloseKey(178)
RegCloseKey(190)
RegCloseKey(1a0)
RegCloseKey(1b0)
RegCloseKey(1f0)
RegCloseKey(228)
RegCloseKey(284)
RegCloseKey(2a4)
RegCloseKey(2c8)
RegCloseKey(2cc)
RegCloseKey(80000004)
ADVAPI32.dll
SHLWAPI.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
mscoree.dll
ntdll
advapi32.dll
shell32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
ole32.dll
kernel32.dll
AdvApi32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
bcrypt.dll
CRYPTSP.dll
CRYPTBASE.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\12dc10e5c0e8d176cf21a16a6fc5fc3b\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
propsys.dll
comctl32.dll
SHELL32.dll
ntmarta.dll
Secur32.dll
API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0.DLL
api-ms-win-downlevel-advapi32-l2-1-0.dll
OLEAUT32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
file
.exe
program
{"dwCreationDisposition": "3", "path": "C:\\Windows\\services.exe", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\services.exe", "dwDesiredAccess": "20000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\enterprisesec.config.cch", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "dwDesiredAccess": "80000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\system32\\rsaenh.dll", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\security.config", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "1", "path": "C:\\Windows\\services.exe", "dwDesiredAccess": "c0000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\index1c2.dat", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\security.config.cch", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\1710281010_1.exe", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\system32\\l_intl.nls", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\enterprisesec.config", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\assembly\\pubpol1.dat", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\services.exe.config", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
RegSetValueExW(80000001,di,0,1,2571d54,4)
RegSetValueExW(,,,,,) -> 0
RegSetValueExW(80000001,di,0,1,2621d24,4)
{"lDistanceToMove": "fffffc00", "dwMoveMethod": "2", "lpDistanceToMoveHigh": "0", "hFile": "318"}
1b0
12c
2c8
1a0
bc
cc
228
1f0
190
b4
2a4
c8
80000004
184
178
128
b8
284
2cc
<NULL>
5a9219bbb7fe75954f8fa08fcca53427
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\2dd6ac50\\553abeb3\\58"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Security__b03f5f7f11d50a3a"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.Accessibility__b03f5f7f11d50a3a"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_LOCALMACHINE_LOCKDOWN"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a"}
{"hKey": "280", "phkResult": "0", "lpSubKey": "Microsoft\\Internet Explorer\\Security"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework\\Policy\\Standards"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_PROTOCOL_LOCKDOWN"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\1c22df2f\\4f99a7c9"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\4f99a7c9\\191b956f\\66"}
{"hKey": "b8", "phkResult": "0", "lpSubKey": "v2.0.50727"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Deployment__b03f5f7f11d50a3a"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\181938c6\\7950e2c5"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\6dc7d4c0\\c47ad54\\56"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\StrongName"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.Accessibility__b03f5f7f11d50a3a"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Windows.Forms__b77a5c561934e089"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework"}
{"hKey": "128", "phkResult": "0", "lpSubKey": "LocalIntranet"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Runtime.Remoting__b77a5c561934e089"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Windows.Forms__b77a5c561934e089"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Security__b03f5f7f11d50a3a"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\c991064\\5086dba8\\51"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework\\Policy\\"}
{"hKey": "27c", "phkResult": "0", "lpSubKey": "Microsoft\\Internet Explorer\\Security"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"}
{"hKey": "b4", "phkResult": "0", "lpSubKey": "Standards"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001"}
{"hKey": "b4", "phkResult": "0", "lpSubKey": "Upgrades"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Web__b03f5f7f11d50a3a"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\1c22df2f\\4f99a7c9\\66"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\3ced59c5\\48d69eb2\\54"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\30bc7c4f\\3f50fe4f"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\24bf93f6\\708deaf7\\46"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\41c04c7e\\4bf62c79\\50"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\61e7e666\\c991064"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\3f50fe4f\\265c633d\\60"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\3cca06a0\\6dc7d4c0\\b"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System__b77a5c561934e089"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\424bd4d8\\324708cb\\5c"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\services.exe"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "index1c2"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3979321414-2393373014-2172761192-1000"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Runtime.Remoting__b77a5c561934e089"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\Setup"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\61e7e666\\c991064\\a"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Drawing__b03f5f7f11d50a3a"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\2b1a4e4\\3822b536\\f"}
{"hKey": "b4", "phkResult": "0", "lpSubKey": "v2.0"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Web__b03f5f7f11d50a3a"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\7950e2c5\\4b5f28af\\5f"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Configuration__b03f5f7f11d50a3a"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Xml__b77a5c561934e089"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\19ab8d57\\c91dbb2\\5e"}
{"hKey": "264", "phkResult": "0", "lpSubKey": "FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Management__b03f5f7f11d50a3a"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\6a\\68a8ac6a"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Management__b03f5f7f11d50a3a"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Fusion"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\475dce40\\1c022996\\5b"}
{"hKey": "1a0", "phkResult": "0", "lpSubKey": "policy.2.0.System.Drawing__b03f5f7f11d50a3a"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "IL\\f6e8397\\628bc3e2\\47"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "128", "phkResult": "0", "lpSubKey": "Internet"}
{"hKey": "b4", "phkResult": "0", "lpSubKey": "AppPatch"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.2.0.System.Deployment__b03f5f7f11d50a3a"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Fusion"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\.NETFramework\\Policy\\Standards"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\181938c6\\7950e2c5\\16"}
{"hKey": "17c", "phkResult": "0", "lpSubKey": "NI\\30bc7c4f\\3f50fe4f\\18"}
{"hKey": "198", "phkResult": "0", "lpSubKey": "policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"}
Global\CLR_CASOFF_MUTEX
{"Reserved": "0", "hKey": "80000001", "lpData": "2571d54", "dwType": "1", "lpValueName": "di", "cbData": "4"}
{"Reserved": "0", "hKey": "80000001", "lpData": "2621d24", "dwType": "1", "lpValueName": "di", "cbData": "4"}
{"nNumberOfBytesToWrite": "15600", "lpOverlapped": "0", "lpBuffer": "3606de0", "lpNumberOfBytesWritten": "32e974", "hFile": "1f4"}
"C:\Windows\services.exe"
C:\1710281010_1.exe
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\services.exe
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\system32\PROPSYS.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.2976.747515
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.2976.747515
C:\Users\win7\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2976.747531
ShellExecuteEx
ShellExecuteExW
{"h_key": "80000002", "samDesired": "20119", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "74a55a00", "lpSubKey": "Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"}
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason | |
---|---|---|---|---|
Static Precise PUA Detector 1 | 2017-10-28 17:19:50.167655 | No Match | help | NotDetected |
Static Precise Virus Detector | 2017-10-28 17:19:50.185666 | No Match | help | NotDetected |
Static Precise Trojan Detector | 2017-10-28 17:19:50.178265 | No Match | help | NotDetected |
Static Precise Adware InstallCore Detector 1 | 2017-10-28 17:19:50.181629 | No Match | help | NotDetected |
Static Precise Trojan Detector 2 | 2017-10-28 17:19:50.189655 | No Match | help | NotDetected |
Static Precise Trojan Detector 3 | 2017-10-28 17:19:50.223799 | No Match | help | NotDetected |
Static Precise Trojan Generic Cryptor Detector 1 | 2017-10-28 17:19:50.191800 | No Match | help | NotDetected |
Static Precise Virus Detector 2 | 2017-10-28 17:19:50.202564 | No Match | help | NotDetected |
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|