Analyzing...
|
File Name:   AntiTest.exe
SHA1:   9a9fbbab0f91383a1c37a3133a69218fcdcc63ad
MD5:   0e5d7619fbd351d7d4fcb5fe2900bdee
First Seen Date:  2015-12-21 14:21:26.882741 ( )
Number of Clients Seen:   16
Last Analysis Date:  2016-02-05 17:58:51.049551 ( )
Human Expert Analysis Date:  2017-08-31 15:15:58.639898 ( )Human Expert Analysis Result:   PUA
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2016-02-05 17:58:51.049551 | Clean | |
Static Analysis Overall Verdict | 2016-02-05 17:58:51.049551 | No Threat Found | help |
Dynamic Analysis Overall Verdict | 2016-02-05 17:58:51.049551 | No Threat Found | help |
Human Expert Analysis Overall Verdict | 2017-08-31 15:15:58.639898 | PUA |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Based on the sections entropy check! file is possibly packed | Suspicious | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Suspicious | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Suspicious | |
Packer detection on signature database | Unknown | help |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Suspicious |
Packer detection on signature database
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Suspicious Behaviors | |
---|---|
Opens a file in a system directory | |
Uses a function clandestinely | |
Has no visible windows |
Behavioral Information
ole32.dll
User32
C:\Windows\system32\EhStorShell.dll
advapi32.dll
comdlg32.dll
comctl32.dll
wtsapi32.dll
propsys.dll
WINSTA.dll
IMM32.dll
shell32.dll
USER32.dll
SHFolder.dll
msimg32.dll
winmm.dll
C:\Windows\system32\ntshrui.dll
inetres.dll
OLEAUT32.DLL
SHELL32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
user32.dll
imm32.dll
AVICAP32.DLL
MSVFW32.DLL
c:\windows\system32\imageres.dll
ADVAPI32.dll
srvcli.dll
msvcrt.dll
uxtheme.dll
compstui.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
kernel32.dll
RICHED20.DLL
gdi32.dll
winspool.drv
WindowsCodecs.dll
colorui.dll
oleaut32.dll
UXTHEME
version.dll
cscapi.dll
UxTheme.dll
RPCRT4.dll
DWMAPI.DLL
C:\Windows\syswow64\MSCTF.dll
KERNEL32.DLL
ntmarta.dll
slc.dll
C:\Windows\system32\ole32.dll
ample
Plane12
Plane9
Plane15
Plane2
MS Shell Dlg 2
Plane6
Plane11
Plane1
Plane5
Plane16
Disable
Plane10
Plane7
Plane14
AppliedDPI
DataFilePath
Plane4
Plane13
Plane8
Plane3
\??\C:\Windows\system32\EhStorShell.dll
\\.\PIPE\srvsvc
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
\??\C:\Windows\system32\ntshrui.dll
C:\Windows\Fonts\staticcache.dat
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\
Tahoma
Software\Borland\Delphi\Locales
Control Panel\Desktop\WindowMetrics
System\CurrentControlSet\Control\Keyboard Layouts\04090409
Software\Microsoft\Windows NT\CurrentVersion\VFW
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
Software\Borland\Locales
Software\Embarcadero\Locales
Software\CodeGear\Locales
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
System\CurrentControlSet\Control\Keyboard Layouts\041F0409
<NULL>
Local\MSCTF.Asm.MutexDefault1
C:\Windows\system32\RICHED20.DLL
C:\sample
C:\Windows\system32\compstui.dll
C:\Windows\system32\EhStorShell.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\syswow64\MSCTF.dll
OpenProcess
ShellExecuteExW
ShellExecuteW
IsDebuggerPresent
ReadProcessMemory
CreateServiceW
WriteProcessMemory
SetWindowsHookExW
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2016-02-03 08:17:19.833585 ( )
Analysis End Date:  2017-08-31 15:15:58.639898 ( )
File Upload Date:  2016-02-01 21:35:23.877042 ( )
Update Date:  2017-08-31 15:15:58.663127 ( )
Human Expert Analyst Feedback:  
Verdict:   PUA
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|