File Name: 220_15603
SHA1: 43e6e4053e11d5800e424d96a7bcf02781201728
MD5: fe05a5a737cf79e5fd0a93f390bce89e
First Seen Date: 2016-03-19 20:57:47.056472
Number of Clients Seen: 6
Last Analysis Date: 2016-04-10 09:59:00.738684
Human Expert Analysis Date: 2016-03-22 08:08:13.102131
Human Expert Analysis Result: Clean
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-04-10 09:59:00.738684 | Clean
Static Analysis Overall Verdict | 2016-04-10 09:59:00.738684 | No Threat Found
Dynamic Analysis Overall Verdict | 2016-04-10 09:59:00.738684 | Highly Suspicious
Human Expert Analysis Overall Verdict | 2016-03-22 08:08:13.102131 | Clean
Static Analysis
Static Analysis Overall Verdict: No Threat Found
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ascii or empty section names detected | Clean
Illegal size of optional Header | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Based on the sections entropy check! file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero! | Clean
Entry point is outside the 1st (.code) section! Binary is possibly packed | Clean
Packer detection on signature database | Unknown
Anti-vm present | Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious
TLS callback functions array detected | Clean
Anti-debug calls: FindWindowExA
Dynamic Analysis
Dynamic Analysis Overall Verdict: Highly Suspicious
Suspicious Behaviors |
---|
Creates a child process |
Writes to address space of another process |
Uses a function clandestinely |
Modifies Windows Service Keys |
Reads memory of another process |
Opens a file in a system directory |
Has no visible windows |
Behavioral Information
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2016-03-21 07:55:34.668823
Analysis End Date: 2016-03-22 08:08:13.102131
File Upload Date: 2016-03-19 21:36:32.316681
Update Date: 2016-03-22 08:08:13.102136
Human Expert Analyst Feedback: Clean.Game
Verdict: Clean