Analyzing...
|
File Name:   Jocer.exe
SHA1:   5ddd3c17331172db38a82fc03ae2f9b28e9c625d
MD5:   2a1cda2a4885e8927997a6dcbedac40b
First Seen Date:  2017-01-18 21:49:29.947569 ( )
Number of Clients Seen:   5
Last Analysis Date:  2017-01-18 21:49:29.947569 ( )
Human Expert Analysis Date:  2017-01-27 10:34:54.510482 ( )Human Expert Analysis Result:   PUA
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2017-01-18 21:49:29.947569 | Malware | |
Static Analysis Overall Verdict | 2017-01-18 21:49:29.947569 | Highly Suspicious | |
Dynamic Analysis Overall Verdict | 2017-01-18 21:49:29.947569 | No Threat Found | help |
Human Expert Analysis Overall Verdict | 2017-01-27 10:34:54.510482 | PUA |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Suspicious | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Suspicious | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Suspicious | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious | |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Suspicious Behaviors | |
---|---|
Opens a file in a system directory | |
Creates a child process | |
Reads memory of another process |
Behavioral Information
Local\MSCTF.Asm.MutexDefault1
C:\Jocer.exe
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
CreateUriCacheSize
EnablePunycode
FrameTabWindow
FrameMerging
SessionMerging
AdminTabProcs
TabProcGrowth
ShortcutBehavior
Disable
DataFilePath
Plane1
Plane2
Plane3
Plane4
Plane5
Plane6
Plane7
Plane8
Plane9
Plane10
Plane11
Plane12
Plane13
Plane14
Plane15
Plane16
\??\C:\Windows\SysWOW64\ieframe.dll
http://red-hack.ru/
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\win7\AppData\Local\Temp\\svchost.exe
C:\Users\win7\AppData\Local\Temp\\NewDll.dll
C:\Windows\Fonts\staticcache.dat
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Software\Microsoft\Internet Explorer\Main\FeatureControl
FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
Software\Microsoft\Internet Explorer\Main
Software\Policies\Microsoft\Internet Explorer\Main
Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing
Software\Microsoft\Internet Explorer\TabbedBrowsing
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
MS Shell Dlg
Arial
<NULL>
"http://red-hack.ru"
"C:\Program Files\Internet Explorer\iexplore.exe" http://red-hack.ru/
kernel32.dll
MSVCRT.dll
KERNEL32.dll
NTDLL
USER32.DLL
GDI32.DLL
ADVAPI32.DLL
COMCTL32.DLL
OLE32.DLL
SHELL32.DLL
WSOCK32.DLL
ws2_32
WINMM.DLL
Kernel32.dll
msimg32.dll
uxtheme.dll
SHELL32.dll
ole32.dll
ADVAPI32.dll
propsys.dll
comctl32.dll
C:\Windows\SysWOW64\ieframe.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
urlmon.dll
api-ms-win-downlevel-shlwapi-l2-1-0.dll
PROPSYS.dll
OLEAUT32.dll
iertutil.dll
USER32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
Kernel32.DLL
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
UxTheme.dll
OLEAUT32.DLL
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2017-01-27 07:52:51.277397 ( )
Analysis End Date:  2017-01-27 10:34:54.510482 ( )
File Upload Date:  2017-01-18 21:49:30.113373 ( )
Update Date:  2017-01-27 10:34:54.521692 ( )
Human Expert Analyst Feedback:   Gamehack
Verdict:   PUA
Malware Family:   Application.Win32.Agent
Malware Type:   Virus
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|