File Name: 3008c111.exe
SHA1: 40883d19c621d88c14e8e57014aa37591e23c711
MD5: 74e68b34d1b6afe450dbcf1b765bb84c
First Seen Date: 2015-10-07 19:18:02.349000
Number of Clients Seen: 6
Last Analysis Date: 2016-04-09 23:49:34.533675
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary

| Analysis Type | Date | Verdict |
|---|---|---|
| Signature Based Detection | 2016-04-09 23:49:34.533675 | Malware |
| Static Analysis Overall Verdict | 2016-04-09 23:49:34.533675 | No Threat Found |
| Dynamic Analysis Overall Verdict | 2016-04-09 23:49:34.533675 | Highly Suspicious |
Static Analysis

Static Analysis Overall Verdict: No Threat Found
| Detector | Result |
|---|---|
| Optional Header LoaderFlags field has an illegal value | Clean |
| Non-ASCII or empty section names detected | Clean |
| Illegal size of Optional Header | Clean |
| Optional Header NumberOfRvaAndSizes field has an illegal value | Clean |
| Based on the section entropy check, the file is possibly packed | Suspicious |
| Timestamp value suspicious | Clean |
| Header checksum is zero | Suspicious |
| Entry point is outside the first (.code) section; binary is possibly packed | Clean |
| Packer detection on signature database | Unknown |
| Anti-VM present | Clean |
| The SizeOfRawData value is illegal; binary might crash your disassembler/debugger | Clean |
| TLS callback functions array detected | Clean |
Anti-debug calls

- FindWindowA
- FindWindowExW
Dynamic Analysis

Dynamic Analysis Overall Verdict: Highly Suspicious

Suspicious Behaviors

- Uses a function clandestinely
- Has no visible windows
Behavioral Information

- RasPbFile

Libraries:

- ntdll.dll
- SHLWAPI.dll
- KERNEL32.dll
- USER32.dll
- ADVAPI32.dll
- SHELL32.dll
- ole32.dll

API functions:

- ZwOpenProcess
- OpenProcess
- CreateRemoteThread
- CreateProcessA
- ShellExecuteW
- ShellExecuteExW
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information

| Property | Value |
|---|---|

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|