File Name: pcfixersetup.exe
SHA1: 4ae550873f1b7f2a68a8380b182927a751c84186
MD5: 255492f03d9a0b9da0c7f853d3803562
First Seen Date: 2017-05-23 00:19:59.673626
Number of Clients Seen: 4
Last Analysis Date: 2017-05-23 00:19:59.673626
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2017-05-23 00:19:59.673626 | PUA |
Static Analysis Overall Verdict | 2017-05-23 00:19:59.673626 | No Threat Found |
Dynamic Analysis Overall Verdict | 2017-05-23 00:19:59.673626 | No Threat Found |
Precise Detectors Overall Verdict | 2017-05-23 00:19:59.673626 | No Match |
Static Analysis
Static Analysis Overall Verdict: No Threat Found
Detector | Result |
---|---|
Optional Header LoaderFlags field has an illegal value | Clean |
Non-ASCII or empty section names detected | Clean |
Illegal size of Optional Header | Clean |
Packer detection on signature database | Unknown |
Based on the section entropy check, file is possibly packed | Clean |
Timestamp value suspicious | Clean |
Header checksum is zero | Clean |
Entry point is outside the first (.code) section; binary is possibly packed | Suspicious |
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean |
Anti-VM present | Clean |
Size of raw data has an illegal value; binary might crash your disassembler/debugger | Clean |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found
Suspicious Behaviors |
---|
Creates a child process |
Writes to address space of another process |
Uses a function clandestinely |
Reads memory of another process |
Opens a file in a system directory |
Behavioral Information
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason |
---|---|---|---|
Uninstaller FP Detector | 2017-05-23 00:19:11.066538 | No Match | No match. |
Yara Rule Static Malware Detector | 2017-05-23 00:19:11.178270 | No Match | No match. |
Static Precise PUA Detector 1 | 2017-05-23 00:19:11.055792 | No Match | NotDetected |
Static Precise Virus Detector | 2017-05-23 00:19:11.053288 | No Match | NotDetected |
Static Precise Trojan Detector | 2017-05-23 00:19:11.055511 | No Match | NotDetected |
Malicious Url Detector | 2017-05-23 00:19:59.654790 | No Match | No match. |
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information