File Name: uninstall.exe
SHA1: 6d6821b2561dfcf27751f37410151bd815130c63
MD5: f7d1e149a12d0e793e4d196c9ce21594
First Seen Date: 2016-05-09 06:25:11.639185
Number of Clients Seen: 14
Last Analysis Date: 2016-05-09 06:25:11.639240
Human Expert Analysis Date: 2016-06-30 08:47:31.346033
Human Expert Analysis Result: Clean
Analysis Summary

Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-05-09 06:25:11.639240 | Clean
Static Analysis Overall Verdict | 2016-05-09 06:25:11.639240 | No Threat Found
Dynamic Analysis Overall Verdict | 2016-05-09 06:25:11.639240 | Highly Suspicious
Human Expert Analysis Overall Verdict | 2016-06-30 08:47:31.346033 | Clean
Static Analysis

Static Analysis Overall Verdict: No Threat Found
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ascii or empty section names detected | Clean
Illegal size of optional Header | Clean
Packer detection on signature database | Unknown
Based on the sections entropy check! file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero! | Suspicious
Entry point is outside the 1st(.code) section! Binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-vm present | Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious
TLS callback functions array detected | Clean
Anti-debug calls: FindWindowExA
Dynamic Analysis

Dynamic Analysis Overall Verdict: Highly Suspicious

| Suspicious Behaviors |
|---|
| Modifies Windows policies |
| Modifies Windows Service Keys |
| Has no visible windows |
Behavioral Information
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
SHFOLDER
ole32.dll
comctl32.dll
ADVAPI32.dll
propsys.dll
ntmarta.dll
SHELL32.dll
C:\
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\Users\desktop.ini
C:\Users
C:\Users\win7
C:\Users\win7\AppData
C:\Users\win7\AppData\Local
C:\Users\win7\AppData\Local\Temp
C:\Users\win7\Searches\desktop.ini
C:\Users\win7\Videos\desktop.ini
SOFTWARE\Microsoft\OLEAUT
Software\Microsoft\Windows\CurrentVersion\Setup
Software\Microsoft\Windows\CurrentVersion
system\CurrentControlSet\control\NetworkProvider\HwOrder
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Au_.exe
CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
{babe9b11-0f98-11e5-b301-806e6f6e6963}\
Drive\shellex\FolderExtensions
Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
Software\Policies\Microsoft\Windows\Explorer
Software\Microsoft\COM3
CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
InprocServer32
Software\Microsoft\OLE
TreatAs
System\CurrentControlSet\Services\LDAP
Software\Microsoft\Windows\CurrentVersion\Explorer
<NULL>
Advanced
Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
Directory
CurVer
ShellEx\IconHandler
Folder
AllFilesystemObjects
DocObject
BrowseInPlace
Clsid
Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
PropertyBag
SessionInfo\1
KnownFolders
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
{5E6C858F-0E22-4760-9AFE-EA3317B67173}
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3979321414-2393373014-2172761192-1000
{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
Software\Microsoft\Rpc
Software\Policies\Microsoft\Windows NT\Rpc
{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}
{F38BF404-1D43-42F2-9305-67DE0B28FC23}
{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}
{2112AB0A-C86A-4FFE-A368-0DE96E47012E}
{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}
{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}
{9E52AB10-F80D-49DF-ACB8-4330F5687855}
{98EC0E18-2098-4D44-8644-66979315A281}
{A4115719-D62E-491D-AA7C-E74B8BE3B067}
{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}
{18989B1D-99B5-455B-841C-AB7C74E4DDFC}
{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
{DE974D24-D9C6-4D3E-BF91-F4455120B917}
{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}
{76FC4E2D-D6AD-4519-A663-37BD56068185}
{A75D362E-50FC-4FB7-AC2C-A8BEAA314493}
{491E922F-5643-4AF4-A7EB-4E7A138D8174}
{33E28130-4E1E-4676-835A-98395C3BC3BB}
{8AD10C31-2ADB-4296-A8F7-E4701232C972}
{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}
{DEBF2536-E1A8-4C59-B6A2-414586476AEA}
{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}
{2400183A-6185-49FB-A2D8-4A392A602BA3}
{D9DC8A3B-B784-432E-A781-5A1130A75963}
{C4900540-2379-4C75-844B-64E6FAF8716B}
{289A9A43-BE44-4057-A41B-587A76D7E7F9}
{4BFEFB45-347D-4006-A5BE-AC0CB0567192}
{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}
{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}
{C870044B-F49E-4126-A9C3-B52A1FF411E8}
{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}
{C5ABBF53-E17F-4121-8900-86626FC2C973}
{56784854-C6CB-462B-8169-88E350ACB882}
{7B396E54-9EC5-4300-BE0A-2482EBAE1A26}
{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}
{A302545D-DEFF-464B-ABE8-61C8648D939B}
{2B0F765D-C0E9-4171-908E-08A611B84FF6}
{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}
{E555AB60-153B-4D17-9F04-A5FE99FC15EC}
{054FAE61-4DD8-4787-80B6-090220C4B700}
{1777F761-68AD-4D8A-87BD-30B759FA33DD}
{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}
{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}
{8983036C-27C0-404B-8F08-102D10DCFD74}
{BCB5256F-79F6-4CEE-B725-DC34E402FD46}
{724EF170-A42D-4FEF-9F26-B60E846FBA4F}
{4BD8D571-6D19-48D3-BE97-422220080E43}
{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}
{0762D272-C50A-4BB0-A382-697DCD729B80}
{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}
{0AC0837C-BBF8-452A-850D-79D08E667CA7}
{D0384E7D-BAC3-4797-8F14-CBA229B392B5}
{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}
{AE50C081-EBD2-438A-8655-8A092E34987A}
{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}
{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}
{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}
{374DE290-123F-4565-9164-39C4925E467B}
{859EAD94-2E85-48AD-A71A-0969CB56A6CD}
{A305CE99-F527-492B-8B1A-7E76FA98D6E4}
{3D644C9B-1FB8-4F30-9B45-F670235F79C0}
{A990AE9F-A03B-4E80-94BC-9912D7504104}
{DFDF76A2-C82A-4D63-906A-5644AC457385}
{1A6FDBA2-F42D-4358-A798-B74D745926C5}
{A520A1A4-1780-4FF6-BD18-167343C5AF16}
{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}
{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}
{9E3995AB-1F9C-4F13-B827-48B24B6C7174}
{DF7266AC-9274-4867-8D55-3BD661DE872D}
{ED4824AF-DCE4-45A8-81E2-FC7965083634}
{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}
{15CA69B3-30EE-49C1-ACE1-6B5EC372AFB5}
{3214FAB5-9757-4298-BB61-92A9DEAA44FF}
{905E63B6-C1BF-494E-B29C-65B732D3D21A}
{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
{B97D20BB-F46A-4C97-BA10-5E3608430854}
{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}
{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
{DE92C1C7-837F-4F69-A3BB-86E631204A23}
{10C07CD0-EF91-4567-B850-448B77CB37F9}
{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}
{190337D1-B8CA-4121-A639-6D472D16972A}
{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}
{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}
{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}
{B94237E7-57AC-4347-9151-B08C6C32D1F7}
{352481E8-33BE-4251-BA85-6007CAEDCF9D}
{A63293E8-664E-48DB-A079-DF759E0509F7}
{5CE4A5E9-E4EB-479D-B89F-130C02886155}
{82A74AEB-AEB4-465C-A014-D097EE346D63}
{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}
{43668BF8-C14E-49B2-97C9-747784D784B7}
{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}
{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}
<NULL>
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Su_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Tu_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Uu_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Vu_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Wu_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Xu_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Yu_.exe
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Zu_.exe
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2016-06-30 06:41:56.046448
Analysis End Date: 2016-06-30 08:47:31.346033
File Upload Date: 2016-06-28 21:40:04.803760
Update Date: 2016-06-30 08:47:31.393553
Human Expert Analyst Feedback: Safe
Verdict: Clean
Additional File Information

Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---