File Name: exe1.exe
SHA1: 98ed6b928d33bb2ea4f9070ee2073e2754425ffa
MD5: 5af162015da581412ec62d21c603992e
First Seen Date: 2017-03-28 15:21:38.878937
Number of Clients Seen: 5
Last Analysis Date: 2017-03-28 15:21:38.878937
Human Expert Analysis Date: 2017-03-29 09:58:40.130361
Human Expert Analysis Result: Malware
Analysis Summary

Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2017-03-28 15:21:38.878937 | Malware
Static Analysis Overall Verdict | 2017-03-28 15:21:38.878937 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2017-03-28 15:21:38.878937 | Highly Suspicious
Precise Detectors Overall Verdict | 2017-03-28 15:21:38.878937 | No Match
Human Expert Analysis Overall Verdict | 2017-03-29 09:58:40.130361 | Malware
Static Analysis

Static Analysis Overall Verdict: Highly Suspicious

Detector | Result
---|---
Optional Header LoaderFlags field has an illegal value | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of Optional Header | Clean
Packer detection against signature database | Unknown
Section entropy check: file is possibly packed | Suspicious
Timestamp value suspicious | Clean
Header checksum is zero | Suspicious
Entry point is outside the first (code) section; binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean
Anti-VM present | Clean
SizeOfRawData has an illegal value; binary might crash a disassembler/debugger | Clean
TLS callback functions array detected | Clean

Two of the above fired: at least one section has entropy high enough to suggest compressed or encrypted content, and the Optional Header CheckSum field is zero. No packer signature matched, so whatever is wrapping the code is not in the signature database (or is a custom crypter). The entry point still lies in the first section, which is consistent with a packer that keeps a small stub in .text rather than redirecting the entry point.
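The section-entropy and zero-checksum detectors that fired above, together with the entry-point check that did not, are straightforward to reproduce. The following is an added example written for this page, not the sandbox's own code: it reads the relevant PE32 header fields with nothing but the Python standard library and runs the three checks. Because the sample is not available here, the input is a constructed two-section image built by `build_sample_pe`; the 7.0 bits-per-byte entropy threshold, the PE32-only handling and the synthetic section names are assumptions.

```python
# Added editorial example, not the sandbox's code. Reproduces three of the
# static detectors above (section entropy, zero header checksum, entry point
# outside the first section) on a constructed PE32 image.
import math
import random
import struct

# Offsets and magic values from the PE/COFF specification.
IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
PE32_MAGIC = 0x10B
SECTION_HEADER_SIZE = 40
ENTROPY_THRESHOLD = 7.0             # assumed cut-off; the report's is not stated


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum (random, compressed or encrypted data)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(buf: bytes) -> dict:
    """Extract the header fields the checks need (PE32 only, by assumption)."""
    if struct.unpack_from("<H", buf, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if struct.unpack_from("<I", buf, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 is handled in this example")
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]   # AddressOfEntryPoint
    checksum = struct.unpack_from("<I", buf, opt + 64)[0]    # CheckSum
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", buf, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
                         "entropy": shannon_entropy(buf[rptr:rptr + rsize])})
    return {"entry_rva": entry_rva, "checksum": checksum,
            "timestamp": tstamp, "sections": sections}


def static_checks(pe: dict) -> dict:
    """Verdicts for the three detectors; True means 'Suspicious'."""
    secs = pe["sections"]

    def holds(sec, rva):
        return sec["vaddr"] <= rva < sec["vaddr"] + max(sec["vsize"], sec["rsize"])

    ep = pe["entry_rva"]
    return {
        "possibly_packed_by_entropy": any(s["rsize"] and s["entropy"] > ENTROPY_THRESHOLD for s in secs),
        "zero_header_checksum": pe["checksum"] == 0,
        "entry_outside_first_section": bool(secs) and not holds(secs[0], ep),
        "entry_section": next((s["name"] for s in secs if holds(s, ep)), None),
    }


def build_sample_pe(packed: bool, checksum: int) -> bytes:
    """Constructed PE32 (synthetic test input, not exe1.exe): a low-entropy
    .text section plus a second section that, when `packed`, holds
    pseudo-random bytes and owns the entry point, like a packer stub would."""
    hdr_size, file_align = 0x400, 0x200
    text = (b"\x90" * 0x100 + b"\xC3").ljust(file_align, b"\0")
    rng = random.Random(1)
    data = (bytes(rng.getrandbits(8) for _ in range(0x1000)) if packed
            else b"plain text data " * 0x100)
    entry = 0x2000 if packed else 0x1000
    opt = bytearray(224)                                  # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry)                # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)  # Section/File alignment
    struct.pack_into("<II", opt, 56, 0x3000, hdr_size)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 64, checksum)             # CheckSum
    struct.pack_into("<H", opt, 68, 2)                    # Subsystem: GUI
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x58DA0000, 0, 0, len(opt), 0x102)

    def sec(name, vaddr, raw, rptr):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), rptr,
                           0, 0, 0, 0, 0x60000020)

    headers = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
               + b"PE\0\0" + coff + bytes(opt)
               + sec(b".text", 0x1000, text, hdr_size)
               + sec(b"stub" if packed else b".data", 0x2000, data, hdr_size + len(text)))
    return headers.ljust(hdr_size, b"\0") + text + data


if __name__ == "__main__":
    for label, image in (("packed", build_sample_pe(True, 0)), ("clean", build_sample_pe(False, 0x1234))):
        print(label, static_checks(parse_pe(image)))
```

Two caveats when reading these verdicts on a real file: a high-entropy section is also what a legitimate resource section full of compressed images looks like, so the check is a prompt to look at which section fired; and a zero CheckSum is the default for most non-driver executables (the MSVC linker only fills it in with /RELEASE), which is why the report still needed the expert verdict to call this malware rather than the static checks alone.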
Dynamic Analysis

Dynamic Analysis Overall Verdict: Highly Suspicious

Suspicious Behaviors: none are itemised in this section; the only entry is the run status line "Operation successfully finished." The observed activity is in the Behavioral Information list below.
Behavioral Information

The sandbox records the following artefacts without labelling them; they are grouped here by kind, with the strings left exactly as recorded.

Files and modules accessed:
C:\Windows\SysWOW64\ODBC32.dll
C:\Windows\system32\credui.dll
C:\Windows\SysWOW64\QUtil.dll
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\eappcfg.dll
C:\Windows\SysWOW64\eappprxy.dll
C:\[uexe1.exe] (path shown garbled in the report)
C:\Users\win7\AppData\Local\Temp\c4b6765a\c53d.tmp
C:\Windows\SysWOW64\odbcint.dll

Registry keys and value names queried:
CurrentBuildNumber
Upgrade
MachineGuid
SOFTWARE\Microsoft\NetSh
SOFTWARE\Microsoft\BidInterface\Loader
SOFTWARE\ODBC\ODBC.INI\ODBC
SOFTWARE\Microsoft\Windows NT\CurrentVersion
System\Setup
SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local
SOFTWARE\Microsoft\Cryptography
RasPbFile

Named objects and other strings:
<NULL>
Global\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7
shell.{4859FB8B-3068-D0D3-16B3-A57A9572E3D5}
policyagent

Command lines executed:
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\system32\netsh.exe advfirewall reset

Modules loaded (by name):
comctl32.dll
RASMONTR.DLL
MSVCRT.DLL
NSHWFP.DLL
DHCPCMONITOR.DLL
Dhcpcsvc.dll
Dhcpqec.dll
WSHELPER.DLL
NSHHTTP.DLL
FWCFG.DLL
AUTHFWCFG.DLL
IFMON.DLL
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
NETIOHLP.DLL
WHHELPER.DLL
HNETMON.DLL
RPCNSH.DLL
DOT3CFG.DLL
NAPMONTR.DLL
NSHIPSEC.DLL
CRYPTSP.dll

Points worth noting for triage:

The two netsh commands are the clearest signal. `netsh advfirewall reset` restores the Windows Firewall with Advanced Security configuration to its out-of-box defaults, discarding any custom rules an administrator had added, and `set allprofiles state on` turns the firewall on for the domain, private and public profiles. A freshly executed binary rewriting host firewall policy is suspicious regardless of the direction of the change.

Much of the rest of the list is netsh's own activity rather than the sample's: netsh loads its helper DLLs (the NSH*.DLL, *MON.DLL and *CFG.DLL modules above) from the registrations under SOFTWARE\Microsoft\NetSh, and the ODBC, IPSEC policy and RAS entries come from those helpers initialising. Do not treat them as capabilities of the sample.

MachineGuid (under SOFTWARE\Microsoft\Cryptography) and CurrentBuildNumber are commonly read to derive a per-victim identifier and fingerprint the OS version. The Global\<GUID> name has the form of a session-global kernel object, typically a mutex used as a single-instance guard. The .tmp file under a random-named folder in %LOCALAPPDATA%\Temp is the artefact to collect from an infected host, since it is where a packed sample of this kind would write a second stage or its unpacked payload.
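The netsh command lines and the Temp drop above are the behaviours an endpoint detection should alert on. The following is an added example, not the report's or the sandbox's own logic: two rules run over constructed Sysmon-like process-creation (EventID 1) and file-creation (EventID 11) records. The dropper's parent path `C:\Users\win7\AppData\Local\Temp\exe1.exe` is an assumption, because the report only shows the garbled `C:\[uexe1.exe]`; the rule names, severities and the benign control events are mine.

```python
# Added editorial example, not the sandbox's own detection. Flags netsh.exe
# changing advanced-firewall policy (escalated when the parent process lives
# in a user-writable location) and drops matching the Temp path seen above.
import re

# Constructed events in a Sysmon-like shape. The dropper's parent path is an
# assumption; the report shows it garbled. Events 2 and 5 are benign controls.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\netsh.exe",
     "CommandLine": r"C:\Windows\system32\netsh.exe advfirewall set allprofiles state on",
     "ParentImage": r"C:\Users\win7\AppData\Local\Temp\exe1.exe"},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\netsh.exe",
     "CommandLine": r"C:\Windows\system32\netsh.exe advfirewall reset",
     "ParentImage": r"C:\Users\win7\AppData\Local\Temp\exe1.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface show interface",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall set allprofiles state off",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 11, "Image": r"C:\Users\win7\AppData\Local\Temp\exe1.exe",
     "TargetFilename": r"C:\Users\win7\AppData\Local\Temp\c4b6765a\c53d.tmp"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\setup.log"},
]

# Locations a standard user can write to; a firewall change launched from
# one of these is far more suspicious than the same command from an admin shell.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\|users\\public\\|programdata\\|windows\\temp\\|[^\\]+$)",
    re.I)
# netsh advfirewall sub-commands that change policy rather than display it.
ADVFW_CHANGE = re.compile(
    r"\badvfirewall\s+(reset\b|set\s+\S+\s+state\b|(firewall|consec)\s+(add|set|delete)\b)",
    re.I)
# <8 hex>\<4 hex>.tmp under %LOCALAPPDATA%\Temp, the drop pattern in the report.
TEMP_DROP = re.compile(r"\\appdata\\local\\temp\\[0-9a-f]{8}\\[0-9a-f]{4}\.tmp$", re.I)


def is_firewall_change(cmdline: str) -> bool:
    return ADVFW_CHANGE.search(cmdline) is not None


def in_user_writable(path: str) -> bool:
    return USER_WRITABLE.match(path) is not None


def analyze(events):
    """Return one finding per matching event, in event order."""
    findings = []
    for idx, ev in enumerate(events):
        if (ev["EventID"] == 1 and ev["Image"].lower().endswith("\\netsh.exe")
                and is_firewall_change(ev["CommandLine"])):
            sev = "high" if in_user_writable(ev["ParentImage"]) else "medium"
            findings.append({"index": idx, "rule": "netsh_advfirewall_change",
                             "severity": sev, "detail": ev["CommandLine"]})
        elif ev["EventID"] == 11 and TEMP_DROP.search(ev["TargetFilename"]):
            findings.append({"index": idx, "rule": "temp_random_drop",
                             "severity": "medium", "detail": ev["TargetFilename"]})
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"[{f['severity']}] {f['rule']} (event {f['index']}): {f['detail']}")
```

The parent-image check is what keeps this usable in production: administrators do run `netsh advfirewall set allprofiles state off` from cmd.exe, so that case is only medium, while the same verb from a binary in a Temp or AppData folder is escalated. The same two predicates translate directly into a Sigma process_creation rule (Image endswith `\netsh.exe`, CommandLine contains `advfirewall`) plus a file_event rule on the Temp path pattern.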
Precise Detectors Analysis Results

No Detector Result Received

Advanced Heuristics

No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results

Analysis Start Date: 2017-03-28 17:42:03.341273
Analysis End Date: 2017-03-29 09:58:40.130361
File Upload Date: 2017-03-28 15:21:40.154226
Update Date: 2017-03-29 09:58:40.134348
Human Expert Analyst Feedback: Malware
Verdict: Malware
Malware Family: Trojware.Win32.Agent
Malware Type: Trojan Generic
Additional File Information

Property | Value
---|---

Section Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---