File Name:   None
SHA1:   51e27559ba20ade9b6adf05d911f4bb927de6ad4
MD5:   c6830efb14d4f80e1ba6a9e56d05bce6
First Seen Date:  2018-03-25 08:42:49.350145
Number of Clients Seen:   7
Last Analysis Date:  2018-04-11 09:36:30.416404
Human Expert Analysis Date:  2018-04-11 09:36:30.244325
Human Expert Analysis Result:   Malware
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2018-04-11 09:36:30.416404 | Malware |
Static Analysis Overall Verdict | 2018-04-11 09:36:30.416404 | No Threat Found |
Dynamic Analysis Overall Verdict | 2018-04-11 09:36:30.416404 | No Threat Found |
Precise Detectors Overall Verdict | 2018-04-11 09:36:30.416404 | No Match |
Human Expert Analysis Overall Verdict | 2018-04-11 09:36:30.244325 | Malware |
Static Analysis
Static Analysis Overall Verdict:   No Threat Found
Detector | Result |
---|---|
Optional Header LoaderFlags field has an illegal value | Clean |
Non-ASCII or empty section names detected | Clean |
Illegal size of Optional Header | Clean |
Packer detection on signature database | Unknown |
Based on the section entropy check, file is possibly packed | Clean |
Timestamp value suspicious | Clean |
Header Checksum is zero | Suspicious |
Entry point is outside the 1st (.code) section; binary is possibly packed | Clean |
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean |
Anti-VM present | Suspicious |
The Size Of Raw data has an illegal value; binary might crash your disassembler/debugger | Clean |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict:   No Threat Found
Suspicious Behaviors |
---|
Creates a child process |
Writes to address space of another process |
Uses a function clandestinely |
Reads memory of another process |
Opens a file in a system directory |
Behavioral Information
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
COMCTL32
kernel32.dll
C:\Windows\SysWOW64\TSAPPCMP.DLL
Ntdll.dll
C:\Windows\SysWOW64\SHLWAPI.DLL
C:\Windows\SysWOW64\OLE32.DLL
ADVAPI32.dll
CRYPTBASE.dll
C:\Windows\SysWOW64\KERNEL32.DLL
MsiMsg.dll
comctl32.dll
UxTheme.dll
C:\Windows\system32\ole32.dll
C:\Windows\SysWOW64\SHELL32.DLL
ole32.dll
propsys.dll
C:\Windows\SysWOW64\NETAPI32.DLL
C:\Windows\SysWOW64\ADVAPI32.DLL
API-MS-Win-Security-LSALookup-L1-1-0.dll
C:\Windows\SysWOW64\APPHELP.DLL
C:\Windows\SysWOW64\VERSION.DLL
C:\Windows\SysWOW64\sxs.DLL
C:\Windows\SysWOW64\MSCOREE.DLL
SHLWAPI.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
C:\Windows\SysWOW64\NTDLL.DLL
SspiCli.dll
C:\Windows\SysWOW64\SAGE.DLL
C:\Windows\system32\kernel32.dll
C:\Windows\system32\wininet.dll
C:\Windows\SysWOW64\USER32.DLL
C:\Windows\SysWOW64\RPCRT4.DLL
"C:\Windows\system32\msiexec.exe" /i "C:\Users\win7\AppData\Roaming\JetStar Media\JetStar Mediaab 1.0.0\install\JetStar MediaMI.msi" AI_SETUPEXEPATH=C:\None SETUPEXEDIR=C:\ EXE_CMD_LINE="/exenoupdates "
C:\Windows\Fonts\staticcache.dat
C:\Users\win7\AppData\Local\Temp\MSIA322.tmp
Local\MSCTF.Asm.MutexDefault1
C:\Users\win7\AppData\Local\Temp\MSIA322.tmp
<NULL>
Global\_MSIExecute
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\system32\msi.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\SysWOW64\MSCOREE.DLL
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\N
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE\AppCompat
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason |
---|---|---|---|
Static Precise PUA Detector 1 | 2018-03-25 08:42:41.682057 | No Match | NotDetected |
Static Precise PUA Detector 5 | 2018-03-25 08:42:41.753442 | No Match | NotDetected |
Static Precise Trojan Detector 1 | 2018-03-25 08:42:41.753195 | No Match | NotDetected |
Static Precise Trojan Detector 2 | 2018-03-25 08:42:41.753647 | No Match | NotDetected |
Static Precise Trojan Detector 3 | 2018-03-25 08:42:41.753547 | No Match | NotDetected |
Static Precise Trojan Detector 10 | 2018-03-25 08:42:41.823514 | No Match | NotDetected |
Static Precise Virus Detector 1 | 2018-03-25 08:42:41.824684 | No Match | NotDetected |
Static Precise Virus Detector 2 | 2018-03-25 08:42:41.816893 | No Match | NotDetected |
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2018-04-10 16:25:33.379153
Analysis End Date:  2018-04-11 09:36:30.244325
File Upload Date:  2018-04-10 16:05:57.193659
Update Date:  2018-04-11 09:36:30.262184
Human Expert Analyst Feedback:   Malware
Verdict:   Malware
Malware Family:   Trojware.Win32.Agent
Malware Type:   Trojan Generic
Additional File Information
Property | Value |
---|---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|