File Name:   rx.exe
SHA1:   95478e9f6d2b116d5acc9941d00401bc6d22eebb
MD5:   854e31458bbe23fff7e318fd0eadc48f
First Seen Date:   2015-10-26 20:14:05.103000
Number of Clients Seen:   9
Last Analysis Date:   2016-04-10 04:19:03.332145
Human Expert Analysis Date:   2016-03-05 07:34:17.688954
Human Expert Analysis Result:   Malware
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-04-10 04:19:03.332145 | Malware
Static Analysis Overall Verdict | 2016-04-10 04:19:03.332145 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2016-04-10 04:19:03.332145 | No Threat Found
Human Expert Analysis Overall Verdict | 2016-03-05 07:34:17.688954 | Malware
Static Analysis
Static Analysis Overall Verdict:   Highly Suspicious
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of optional Header | Clean
Packer detection on signature database | Unknown
Based on the sections entropy check, file is possibly packed | Suspicious
Timestamp value suspicious | Clean
Header Checksum is zero | Clean
Entry point is outside the 1st (.code) section; binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-VM present | Clean
The Size Of Raw data is valued illegal; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Packer detection on signature database
Microsoft Visual C# / Basic .NET
.NET executable
Dynamic Analysis
Dynamic Analysis Overall Verdict:   No Threat Found

Suspicious Behaviors |
---|
Opens a file in a system directory |
Uses a function clandestinely |
Reads memory of another process |
Behavioral Information
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2016-03-05 00:33:47.703312
Analysis End Date:   2016-03-05 07:34:17.688954
File Upload Date:   2016-03-05 00:32:05.272594
Update Date:   2016-03-05 07:34:17.688959
Human Expert Analyst Feedback:   Trojan
Verdict:   Malware
Malware Family:   Trojan
Malware Type:   Trojan Generic
Additional File Information