Analyzing...

File Name: a754ba970ae05659445f39a3c858ed52f8fa6d3dee37b58f480f5d481a9b8131.exe

SHA1: 39ef96e0781b4a4d54c4c6ce55aabbd9b4cfb3de

MD5: 69935bc27fe70192f8d8978057e66aff

First Seen Date: 2017-09-12 22:41:30.264020 ( 2017-09-12 22:41:30.264020 )

Number of Clients Seen: 10

Last Analysis Date: 2017-09-14 01:36:14.030979 ( 2017-09-14 01:36:14.030979 )

Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.

Analysis Summary

Analysis Type	Date	Verdict
Signature Based Detection	2017-09-14 01:36:14.030979	Malware
Static Analysis Overall Verdict	2017-09-14 01:36:14.030979	No Threat Found
Dynamic Analysis Overall Verdict	2017-09-14 01:36:14.030979	No Threat Found
Precise Detectors Overall Verdict	2017-09-14 01:36:14.030979	No Match

Static Analysis

Static Analysis Overall Verdict	Result
No Threat Found

Detector	Result
Optional Header LoaderFlags field is valued illegal	Clean
Non-ascii or empty section names detected	Clean
Illegal size of optional Header	Clean
Packer detection on signature database	Unknown
Based on the sections entropy check! file is possibly packed	Suspicious
Timestamp value suspicious	Clean
Header Checksum is zero!	Clean
Enrty point is outside the 1st(.code) section! Binary is possibly packed	Clean
Optional Header NumberOfRvaAndSizes field is valued illegal	Clean
Anti-vm present	Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger	Clean
TLS callback functions array detected	Clean

Packer detection on signature database

Microsoft CAB SFX

Dynamic Analysis

Dynamic Analysis Overall Verdict	Result
No Threat Found

Suspicious Behaviors
Opens a file in a system directory
Has no visible windows

Behavioral Information

RegCloseKey

13c

144

140

150

148

QueryFilePath

C:\Users\win7\AppData\Local\Temp\IXP000.TMP\1.xyz

C:\Users\win7\AppData\Local\Tem

C:\Windows\syswow64\USER32.dll

C:\Windows\syswow64\MSCTF.dll

ReadRegisteryKey

Plane4

Plane5

Plane6

Plane7

Plane1

Plane2

Plane3

Plane8

Plane9

Disable

DataFilePath

Plane16

Plane14

Plane15

Plane12

Plane13

Plane10

Plane11

File3

File2

File1

File4

PreviewPages

CreateFile

{"dwCreationDisposition": "3", "path": "C:\\Windows\\Fonts\\staticcache.dat", "dwDesiredAccess": "80000000", "dwShareMode": "5"}

OpenRegisteryKey

{"hKey": "15c", "phkResult": "0", "lpSubKey": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "150", "phkResult": "0", "lpSubKey": "Tahoma"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "158", "phkResult": "0", "lpSubKey": "PropertyBag"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\CTF\\"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "Keyboard Layout\\Toggle"}

{"hKey": "154", "phkResult": "0", "lpSubKey": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"}

{"hKey": "154", "phkResult": "0", "lpSubKey": "PropertyBag"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\CTF\\DirectSwitchHotkeys"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"}

{"hKey": "158", "phkResult": "0", "lpSubKey": "SessionInfo\\1"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\CTF\\TIP\\"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"}

{"hKey": "174", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041f"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\1.xyz"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "154", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "154", "phkResult": "0", "lpSubKey": "KnownFolders"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\OLEAUT"}

{"hKey": "16c", "phkResult": "0", "lpSubKey": "{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\CTF\\KnownClasses"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Setup"}

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

oledlg.dll

OLEPRO32.DLL

SHELL32.dll

USER32.dll

WINSPOOL.DRV

COMCTL32.DLL

kernel32.dll

shell32.dll

advapi32.dll

psapi.dll

C:\Windows\system32\ole32.dll

C:\Windows\syswow64\MSCTF.dll

OLEAUT32.DLL

Precise Detectors Analysis Results

Detector Name	Date	Verdict	Reason
Static Precise Trojan Detector 2	2017-09-14 01:35:51.558604	No Match	NotDetected
Static Precise Trojan Detector 3	2017-09-14 01:35:51.576341	No Match	NotDetected
Static Precise Adware InstallCore Detector 1	2017-09-14 01:35:51.590433	No Match	NotDetected
Static Precise Trojan Generic Cryptor Detector 1	2017-09-14 01:35:51.577256	No Match	NotDetected
Static Precise PUA Detector 1	2017-09-14 01:35:52.069070	No Match	NotDetected
Static Precise Virus Detector	2017-09-14 01:35:51.775310	No Match	NotDetected
Static Precise Trojan Detector	2017-09-14 01:35:51.777035	No Match	NotDetected
Static Precise Virus Detector 2	2017-09-14 01:35:51.731318	No Match	NotDetected

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Property	Value

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5

File Name: a754ba970ae05659445f39a3c858ed52f8fa6d3dee37b58f480f5d481a9b8131.exe

SHA1: 39ef96e0781b4a4d54c4c6ce55aabbd9b4cfb3de

MD5: 69935bc27fe70192f8d8978057e66aff

First Seen Date: 2017-09-12 22:41:30.264020 ( 2017-09-12 22:41:30.264020 )

Number of Clients Seen: 10

Last Analysis Date: 2017-09-14 01:36:14.030979 ( 2017-09-14 01:36:14.030979 )

Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.

Analysis Summary

Static Analysis

Packer detection on signature database

Dynamic Analysis

a754ba970ae05659445f39a3c858ed52f8fa6d3dee37b58f480f5d481a9b8131.exe tried to connect to some addresses pinned on the map below (click pins for more details):

Behavioral Information

RegCloseKey

QueryFilePath

ReadRegisteryKey

CreateFile

OpenRegisteryKey

CreateMutex

OpenMutex

LoadLibrary

Precise Detectors Analysis Results

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

PE Sections

PE Imports

PE Exports

PE Resources