Analyzing...
|
File Name:   read.exe
SHA1:   609a7202a7f7fcc1d7ba80e6c62a48f31d9b4404
MD5:   50a60c10da0477a7357ada70514545e8
First Seen Date:  2016-12-30 00:52:39.866429 ( )
Number of Clients Seen:   5
Last Analysis Date:  2016-12-30 00:52:39.866429 ( )
Human Expert Analysis Date:  2016-12-30 04:29:34.904567 ( )Human Expert Analysis Result:   Malware
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2016-12-30 00:52:39.866429 | Malware | |
Static Analysis Overall Verdict | 2016-12-30 00:52:39.866429 | Highly Suspicious | |
Dynamic Analysis Overall Verdict | 2016-12-30 00:52:39.866429 | Highly Suspicious | |
Human Expert Analysis Overall Verdict | 2016-12-30 04:29:34.904567 | Malware |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Clean | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Clean | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious | |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Suspicious Behaviors | |
---|---|
Opens a file in a system directory | |
Has no visible windows |
Behavioral Information
C:\read.exe
C:\
C:\Windows
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\read.exe
C:\Users\win7\AppData\Local\Temp\nsd8B92.tmp
C:\Users\win7\AppData\Local\Temp\datepicke_calendar.js
C:\Users\win7\AppData\Local\Temp\ubh-logo.e64908a43979.png
C:\Users\win7\AppData\Local\Temp\dropdown_french.css
C:\Users\win7\AppData\Local\Temp\EmbedPlayer.js
C:\Users\win7\AppData\Local\Temp\leader.0v
conflictkut 'C:\Users\win7\AppData\Local\Temp\conflictkuleader.0v'
t 'C:\Users\win7\AppData\Local\Temp\conflictkuleader.0v'
t 'C:\Users\win7\AppData\Local\Temp\leader.0v'
C:\Users\win7\AppData\Local\Temp\nso8C20.tmp\System.dll
C:\Windows\system32\UXTHEME.dll
C:\Windows\system32\USERENV.dll
C:\Windows\system32\SETUPAPI.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
advapi32.dll
C:\Windows\system32\APPHELP.dll
C:\Windows\system32\PROPSYS.dll
ADVAPI32.dll
propsys.dll
C:\Windows\system32\DWMAPI.dll
C:\Windows\system32\CRYPTBASE.dll
C:\Windows\system32\OLEACC.dll
OLEACCRC.DLL
C:\Windows\system32\CLBCATQ.dll
C:\Windows\system32\SHFOLDER.dll
ole32.dll
comctl32.dll
SHELL32.dll
ntmarta.dll
C:\Users\win7\AppData\Local\Temp\nso8C20.tmp\System.dll
psapi
<NULL>
C:\Users\win7\AppData\Local\Temp\nsd8B91.tmp
C:\Users\win7\AppData\Local\Temp\nso8C20.tmp
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2016-12-30 03:08:37.310012 ( )
Analysis End Date:  2016-12-30 04:29:34.904567 ( )
File Upload Date:  2016-12-30 00:52:40.043201 ( )
Update Date:  2017-01-10 05:39:33.065973 ( )
Human Expert Analyst Feedback:   Trojan.Ransom.Cerber
Verdict:   Malware
Malware Family:   Trojan.Ransom.Cerber
Malware Type:   Trojan Generic
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|