Analyzing...

File Name: dio-562-rukovodstvo-po-ekspluatatsii_6d4-06d___.exe

SHA1: 89c0d3c4f1b0d988898e05bb79a67e56848a6b5a

MD5: e8ffa734ea0fa052867dcb4c350ea49b

First Seen Date: 2017-11-15 16:53:40.895206 ( 2017-11-15 16:53:40.895206 )

Number of Clients Seen: 7

Last Analysis Date: 2020-09-28 08:34:16.238109 ( 2020-09-28 08:34:16.238109 )

Human Expert Analysis Date: 2020-09-28 08:33:02.363065 ( 2020-09-28 08:33:02.363065 )

Human Expert Analysis Result: Malware

Analysis Summary

Analysis Type	Date	Verdict
Signature Based Detection	2018-11-05 22:48:15.510390	Malware
Static Analysis Overall Verdict	2020-09-28 08:34:16.238109	No Threat Found
Dynamic Analysis Overall Verdict	2020-09-28 08:34:16.238109	No Threat Found
Precise Detectors Overall Verdict	2020-09-28 08:34:16.238109	No Match
Human Expert Analysis Overall Verdict	2020-09-28 08:33:02.363065	Malware

Static Analysis

Static Analysis Overall Verdict	Result
No Threat Found

Detector	Result
Optional Header LoaderFlags field is valued illegal	Clean
Non-ascii or empty section names detected	Clean
Illegal size of optional Header	Clean
Packer detection on signature database	Unknown
Based on the sections entropy check! file is possibly packed	Clean
Timestamp value suspicious	Clean
Header Checksum is zero!	Clean
Enrty point is outside the 1st(.code) section! Binary is possibly packed	Clean
Optional Header NumberOfRvaAndSizes field is valued illegal	Clean
Anti-vm present	Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger	Clean
TLS callback functions array detected	Clean

Packer detection on signature database

Armadillo v1.71

Microsoft Visual C++ v5.0/v6.0 (MFC)

Microsoft Visual C++

Dynamic Analysis

Dynamic Analysis Overall Verdict	Result
No Threat Found

Suspicious Behaviors
Uses a function clandestinely
Has no visible windows

Behavioral Information

CreateMutex

<NULL>

LoadLibrary

Winscard.dll

gdiplus.dll

COMCTL32.dll

COMDLG32.dll

OLEAUT32.dll

POWRPROF.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

PSAPI.DLL

IPHLPAPI.DLL

WINTRUST.dll

QueryFilePath

C:\[udio-562-rukovodstvo-po-ekspluatatsii_6d4-06d___.exe]

QueryProcessAddress

OpenProcess

ReadProcessMemory

CreateProcessW

GetThreadContext

SetThreadContext

InternetReadFile

ShellExecuteW

IsDebuggerPresent

DeleteFile

zzkdkd

Precise Detectors Analysis Results

Detector Name	Date	Verdict	Reason
Static Precise PUA Detector 1	2017-11-16 21:09:56.600658	No Match	NotDetected
Static Precise Virus Detector	2017-11-16 21:09:56.561004	No Match	NotDetected
Static Precise Trojan Detector	2017-11-16 21:09:56.630450	No Match	NotDetected
Static Precise Adware InstallCore Detector 1	2017-11-16 21:09:56.576783	No Match	NotDetected
Static Precise Trojan Detector 2	2017-11-16 21:09:56.563266	No Match	NotDetected
Static Precise Trojan Detector 3	2017-11-16 21:09:56.596985	No Match	NotDetected
Static Precise Trojan Generic Cryptor Detector 1	2017-11-16 21:09:56.611723	No Match	NotDetected
Static Precise Virus Detector 2	2017-11-16 21:09:56.607129	No Match	NotDetected

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Human Expert Analysis Results

Analysis Start Date: 2020-09-28 07:53:42.411666 ( 2020-09-28 07:53:42.411666 )

Analysis End Date: 2020-09-28 08:33:02.363065 ( 2020-09-28 08:33:02.363065 )

File Upload Date: 2020-09-28 07:31:37.061831 ( 2020-09-28 07:31:37.061831 )

Update Date: 2020-09-28 08:33:50.813186 ( 2020-09-28 08:33:50.813186 )

Human Expert Analyst Feedback:

Verdict: Malware

Malware Family:

Malware Type: 0

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property	Value

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5