|
Analyzing...
|
File Name: Uninstall.exe
SHA1: 5d999c0c8ea71726f1866e5d1f1c9ae29abf0361
MD5: a894fc3748fa680fafa0e11fef95aff0
First Seen Date: 2016-10-04 18:10:49.555793 ( )
Number of Clients Seen: 40
Last Analysis Date: 2017-03-02 18:10:03.980536 ( )
Human Expert Analysis Date: 2016-10-04 21:47:56.498367 ( )Human Expert Analysis Result: Clean
Analysis Summary
| Analysis Type | Date | Verdict | |
|---|---|---|---|
| Signature Based Detection | 2017-03-02 18:10:03.980536 | Clean | |
| Static Analysis Overall Verdict | 2017-03-02 18:10:03.980536 | Highly Suspicious | |
| Dynamic Analysis Overall Verdict | 2017-03-02 18:10:03.980536 | No Threat Found | help |
| Human Expert Analysis Overall Verdict | 2016-10-04 21:47:56.498367 | Clean | |
Static Analysis
| Static Analysis Overall Verdict | Result |
|---|---|
| Highly Suspicious |
| Detector | Result | |
|---|---|---|
| Optional Header LoaderFlags field is valued illegal | Clean | |
| Non-ascii or empty section names detected | Clean | |
| Illegal size of optional Header | Clean | |
| Packer detection on signature database | Unknown | help |
| Based on the sections entropy check! file is possibly packed | Clean | |
| Timestamp value suspicious | Clean | |
| Header Checksum is zero! | Suspicious | |
| Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
| Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
| Anti-vm present | Clean | |
| The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
| TLS callback functions array detected | Clean | |
Packer detection on signature database
Armadillo v1.71
Microsoft Visual C++ v5.0/v6.0 (MFC)
Microsoft Visual C++
Dynamic Analysis
| Dynamic Analysis Overall Verdict | Result |
|---|---|
| No Threat Found | help |
| Suspicious Behaviors | |
|---|---|
| Creates a child process | |
| Writes to address space of another process | |
| Has no visible windows | |
Behavioral Information
C:\Users\win7\AppData\Local\Temp\7zF8D329FC\Uninst.exe
comctl32.dll
UxTheme.dll
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2016-10-14 17:46:43.277810 ( )
Analysis End Date: 2016-10-04 21:47:56.498367 ( )
File Upload Date: 2016-10-04 18:10:49.952335 ( )
Update Date: 2016-10-14 17:46:43.292958 ( )
Human Expert Analyst Feedback: The file is safe.
Verdict: Clean
Additional File Information
| Property | Value |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|