File Name: enco_6182.exe
SHA1: a964165777b0ec91bf184d4eab97ae3c14d0c9c5
MD5: 2329e20b7c0572ecbadb1ac39883bf1b
First Seen Date: 2016-02-17 18:50:21.117239
Number of Clients Seen: 10
Last Analysis Date: 2016-02-17 18:57:02.498990
Human Expert Analysis Date: 2016-02-19 04:48:41.490550
Human Expert Analysis Result: Clean
Analysis Summary

Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-02-17 18:57:02.498990 | Clean
Static Analysis Overall Verdict | 2016-02-17 18:57:02.498990 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2016-02-17 18:57:02.498990 | Highly Suspicious
Human Expert Analysis Overall Verdict | 2016-02-19 04:48:41.490550 | Clean
Static Analysis

Static Analysis Overall Verdict: Highly Suspicious

Detector | Result
---|---
Optional Header LoaderFlags field has an illegal value | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of Optional Header | Clean
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean
Section entropy check: file is possibly packed | Clean
Timestamp value suspicious | Suspicious
Header Checksum is zero | Suspicious
Entry point is outside the first (.code) section; binary is possibly packed | Clean
Packer detection on signature database | Unknown
Anti-VM present | Clean
SizeOfRawData has an illegal value; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Suspicious
Anti-debug calls:
- UnhandledExceptionFilter
- GetWindowThreadProcessId
- FindWindowA

Packer detection on signature database: BobSoft Mini Delphi -> BoB / BobSoft

The signature match identifies a Delphi build rather than a packer. Delphi-linked executables routinely carry a zero PE header checksum, a fixed 1992-06-19 link timestamp and a TLS directory, and the three APIs above are commonly imported by ordinary Delphi VCL applications, so the "Suspicious" static results are expected for this toolchain and do not by themselves indicate packing or evasion. That is consistent with the human expert verdict of Clean.
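The script below is an added example, not part of this report or of the sandbox vendor's tooling. It re-implements the static detectors listed above (timestamp, zero checksum, LoaderFlags, NumberOfRvaAndSizes, section names, entry point versus first section, SizeOfRawData, section entropy) and then walks the import table and the TLS callback array, which is what the "Anti-debug calls" and "TLS callback functions array" findings come from. Because the real sample is not on the page, it builds a small 32-bit PE in memory with the same traits the report flags; that constructed file, the `DELPHI_STAMP` constant and the `ANTI_DEBUG_APIS` set are this example's assumptions.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumptions of this example: 0x2A425E19 is the fixed 1992-06-19 link timestamp
# Borland/Delphi linkers write; the API set is the three calls the report lists
# plus IsDebuggerPresent.
DELPHI_STAMP = 0x2A425E19
ANTI_DEBUG_APIS = {"UnhandledExceptionFilter", "GetWindowThreadProcessId",
                   "FindWindowA", "IsDebuggerPresent"}

def build_sample_pe():
    """Constructed 32-bit PE, NOT enco_6182.exe: Delphi timestamp, zero checksum, one
    TLS callback, entry point inside .text, and imports of the three listed APIs."""
    fa, sa = 0x200, 0x1000                       # file and section alignment
    # .text (RVA 0x1000): RET, TLS directory at +0x10, its callback array at +0x30
    tls = struct.pack("<6I", 0x401000, 0x401000, 0x401000, 0x401030, 0, 0)
    text = (b"\xc3".ljust(0x10, b"\0") + tls + bytes(8)
            + struct.pack("<II", 0x401040, 0)).ljust(fa, b"\0")
    # .idata (RVA 0x2000): descriptors, INT/IAT thunks, then hint/name strings
    imports = [("kernel32.dll", ["UnhandledExceptionFilter"]),
               ("user32.dll", ["GetWindowThreadProcessId", "FindWindowA"])]
    base, desc_size = 0x2000, 20 * (len(imports) + 1)
    str_base = base + desc_size + sum(8 * (len(f) + 1) for _, f in imports)
    strings, rva, descs, thunks = bytearray(), {}, bytearray(), bytearray()
    for dll, funcs in imports:
        for name in [dll] + funcs:               # functions get a 2-byte hint, DLLs do not
            rva[name] = str_base + len(strings)
            strings += (b"" if name == dll else b"\0\0") + name.encode() + b"\0"
    for dll, funcs in imports:
        entries = b"".join(struct.pack("<I", rva[f]) for f in funcs) + bytes(4)
        int_rva = base + desc_size + len(thunks)
        thunks += entries                        # import name table
        iat_rva = base + desc_size + len(thunks)
        thunks += entries                        # IAT, identical until the loader patches it
        descs += struct.pack("<5I", int_rva, 0, 0, rva[dll], iat_rva)
    idata = bytes(descs + bytes(20) + thunks + strings).ljust(fa, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_STAMP, 0, 0, 224, 0x102)
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 2, 25, len(text), len(idata), 0,
                      0x1000, 0x1000, 0x2000, 0x400000, sa, fa, 5, 1, 0, 0, 5, 1,
                      0, 0x3000, fa, 0,                  # CheckSum left at zero
                      2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytearray(128)
    struct.pack_into("<II", dirs, 1 * 8, base, desc_size)   # import directory
    struct.pack_into("<II", dirs, 9 * 8, 0x1010, 24)        # TLS directory
    sec = lambda n, va, raw, fl: struct.pack("<8s6I2HI", n, fa, va, fa, raw, 0, 0, 0, 0, fl)
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + dirs
           + sec(b".text", 0x1000, fa, 0x60000020) + sec(b".idata", 0x2000, 2 * fa, 0xC0000040))
    return hdr.ljust(fa, b"\0") + text + idata

def _entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def _cstr(pe, off):
    return pe[off:pe.index(b"\0", off)].decode("ascii", "replace")

def analyze(pe):
    """Re-implements the report's static detectors, then walks imports and TLS callbacks."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    opt = pe_off + 24
    u32 = lambda off: struct.unpack_from("<I", pe, off)[0]
    entry, image_base, checksum, loader_flags, n_dirs = (u32(opt + o) for o in (16, 28, 64, 88, 92))
    sections = [dict(zip(("name", "vsize", "va", "rsize", "raw"),
                         struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)))
                for i in range(nsec)]
    span = lambda s: s["va"] + max(s["vsize"], s["rsize"])

    def rva2off(rva):
        for s in sections:
            if s["va"] <= rva < span(s):
                return s["raw"] + rva - s["va"]
        raise ValueError(f"RVA {rva:#x} not backed by any section")

    imported, imp_rva = [], u32(opt + 96 + 1 * 8)     # data directory 1 = imports
    off = rva2off(imp_rva) if imp_rva else None
    while off is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", pe, off)
        if not name_rva:                                # null descriptor ends the table
            break
        t = rva2off(oft or ft)
        while u32(t):
            if not u32(t) & 0x80000000:                 # ordinal imports carry no name
                imported.append(_cstr(pe, rva2off(u32(t)) + 2))   # +2 skips the hint
            t += 4
        off += 20
    callbacks, tls_rva = [], u32(opt + 96 + 9 * 8)    # data directory 9 = TLS
    if tls_rva:
        cb = rva2off(u32(rva2off(tls_rva) + 12) - image_base)  # AddressOfCallBacks is a VA
        while u32(cb):
            callbacks.append(u32(cb))
            cb += 4
    first, names = sections[0], [s["name"].rstrip(b"\0") for s in sections]
    return {
        "timestamp_suspicious": stamp in (0, DELPHI_STAMP)
            or datetime.fromtimestamp(stamp, timezone.utc) > datetime.now(timezone.utc),
        "checksum_zero": checksum == 0,
        "loader_flags_illegal": loader_flags != 0,
        "rva_count_illegal": n_dirs != 16,
        "bad_section_names": any(not n or not n.isascii() for n in names),
        "entry_outside_first_section": not first["va"] <= entry < span(first),
        "raw_size_illegal": any(s["raw"] + s["rsize"] > len(pe) for s in sections),
        "possibly_packed": any(_entropy(pe[s["raw"]:s["raw"] + s["rsize"]]) > 7.0 for s in sections),
        "tls_callbacks": callbacks,
        "anti_debug_imports": [f for f in imported if f in ANTI_DEBUG_APIS],
    }
```

Calling `analyze(build_sample_pe())` reproduces the report's pattern: the timestamp, zero-checksum and TLS-callback checks fire and the three listed APIs appear in `anti_debug_imports`, while the entropy, entry-point, section-name and SizeOfRawData checks stay clean. To triage a real file, pass `open(path, "rb").read()` instead; the point of the exercise is that every "Suspicious" row above is a property of the Delphi toolchain, so it should be weighed against the packer signature before it is read as evasion.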
Dynamic Analysis

Dynamic Analysis Overall Verdict: Highly Suspicious

Suspicious Behaviors |
---|
Opens a file in a system directory |
Logs user key strokes |
Has no visible windows |
Uses a function clandestinely |
Behavioral Information

The entries below are the registry values, registry keys, file paths, mutexes and loaded modules the sandbox recorded. Most of the registry names (the Internet Explorer Main settings and the FEATURE_* feature-control keys) are read by mshtml.dll and ieframe.dll when a process hosts the web browser control, and both modules appear in the loaded-module list; the Software\Borland\Delphi\Locales and Software\Borland\Locales reads are the Delphi runtime's resource-DLL locale lookup.
C:\sample
C:\Windows\syswow64\USER32.dll
C:\Windows\SysWOW64\mshtml.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\syswow64\MSCTF.dll
file
Use Anchor Hover Color
Plane16
No3DBorder
DOMStorage
Expand Alt Text
CLSID
DomainLimit
MaxSubDomains
SyncMode5
IESerifFontName
SpecialFoldersCacheSize
SmoothScroll
Use Web Based FTP
TotalLimit
DisableCachingOfSSLPages
Plane4
Plane14
Plane5
DisableSecuritySettingsCheck
Plane10
Enable AutoImageResize
Always Use My Font Face
Default_IEFontSizePrivate
AdminTabProcs
Plane15
UrlEncoding
IEUIFontName
Allow Programmatic Cut_Copy_Paste
RenderingLoopMaxTime
CreateUriCacheSize
Plane12
Plane6
Print_Background
Always Use My Colors
WindowsEdition
AutoDetect
UseHR
Plane13
Plane3
Show image placeholders
IEPropFontName
Anchor Underline
Disable Script Debugger
DaysToKeep
IsTextPlainHonored
SystemSetupInProgress
Disable Visited Hyperlinks
FrameMerging
EnablePunycode
CVListXMLVersionLow
IE
DataFilePath
RtfConverterFlags
XDomainRequest
Use_DlgBox_Colors
Anchor Color Visited
FrameTabWindow
Plane9
Display Inline Videos
Plane11
Plane7
Always Use My Font Size
IEFixedFontName
Plane2
Disable Diagnostics Mode
Default_CodePage
Disable
sample
MiscFlags
TabProcGrowth
IEFontSize
IECompatVersionHigh
IESansSerifFontName
JScriptProfileCacheEventDelay
Display Inline Images
Anchor Color
XMLHTTP
NavigationDelay
Plane8
Plane1
CVListXMLVersionHigh
RootDomainLimit
Content Type
ProtectedModeOffForAllZones
DataStreamEnabledState
ZoomDisabled
MinimumSystemTimerResolution
Play_Animations
IECompatVersionLow
DisableScriptDebuggerIE
IEFontSizePrivate
Anchor Color Hover
VML
950
CSS_Compat
NoProtectedModeBanner
Q300829
SessionMerging
Play_Background_Sounds
EnabledScopes
Move System Caret
Cleanup HTCs
Flags
Software\Microsoft\Internet Explorer\Main
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
C:\InstallTmp\Enlish.ini
C:\Users\win7\AppData\Local\Microsoft
C:\InstallTmp\Readme.7z
C:\InstallTmp\Config.txt
C:\InstallTmp\Logo.7z
C:\Users\desktop.ini
C:\InstallTmp\Language.7z
C:\Users
C:\Users\win7\AppData\Local\Microsoft\Windows
C:\Users\win7
C:\sample
C:\InstallTmp\Config.7z
C:\Windows\Fonts\staticcache.dat
C:\Users\win7\AppData
C:\Windows\system32\rsaenh.dll
C:\InstallTmp\Readme.txt
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\Users\win7\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\win7\AppData\Local
C:\InstallTmp
C:\InstallTmp\��a1.bmp (two bytes of the file name did not decode in the original report)
C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
Settings
FEATURE_MIME_HANDLING
Main
FEATURE_MEMPROTECT_MODE
FEATURE_IEDDE_REGISTER_URLECHO
FEATURE_BROWSER_COMPATDATA
Script
Software\Policies\Microsoft\Internet Explorer\Main
FEATURE_SPELLCHECKING
IEDevTools\Options
Software\Policies
FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
FEATURE_OBJECT_CACHING
Suggested Sites
Microsoft\Internet Explorer\Low Rights
FEATURE_ALLOW_EXPANDURI_BYPASS
Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
SOFTWARE\Microsoft\Internet Explorer\MAIN
FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
FEATURE_NEW_TREE_VERIFICATION
Software\Borland\Delphi\Locales
Software\Microsoft\Internet Explorer\Main
FEATURE_LEGACY_DISPPARAMS
FEATURE_DISABLE_DEFERRED_IMAGE_DOWNLOAD
Viewport
Microsoft\Internet Explorer\Security
CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL
Security\Adv AddrBar Spoof Detection
FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION
FEATURE_TOPMOST_GWND
PROTOCOLS\Name-Space Handler\about\
FEATURE_DATABINDING_SUPPORT
FEATURE_PROCESS_XML_AS_HTML
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
Larger Hit Test
FEATURE_RESTRICT_FILEDOWNLOAD
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
Application Compatibility
DOMStorage
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
FEATURE_SOFTWARE_FILTER_RENDERING
FEATURE_SAFE_BINDTOOBJECT
FEATURE_FILEPROTOCOL_NOFINDFIRST_KB947853
MIME\Database\Content Type\text/plain
FEATURE_DISABLE_NAVIGATION_SOUNDS
Software\Policies\Microsoft\Internet Explorer\DOMStorage
FEATURE_96DPI_PIXEL
FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
Styles
FEATURE_USE_SECURITY_THUNKS
Software\Policies\Microsoft\Internet Explorer\Zoom
Microsoft\Windows\CurrentVersion\Internet Settings\Url History
FEATURE_LAZY_IMAGE_DECODING
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
PROTOCOLS\Name-Space Handler\
Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
FEATURE_DISPLAY_NODE_ADVISE_KB833311
PROTOCOLS\Name-Space Handler\*\
FEATURE_PRIVATE_FONT_SETTING
SYSTEM\CurrentControlSet\Control\Nls\CodePage
Software\Policies\Microsoft\Internet Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
FEATURE_WEBSOCKET
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
SimSun
FEATURE_DISABLE_FORMAT_REUSE
FEATURE_ALLOW_WINDOW_PUTNAME_CROSS_DOMAIN
FEATURE_DOWNLOAD_INITIATOR_HTTP_HEADER
FEATURE_ENABLE_LARGER_HIT_TEST
FEATURE_USE_UNISCRIBE
Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Software\Microsoft\Windows\CurrentVersion\Policies
FEATURE_ARIA_SUPPORT
FEATURE_ENABLE_PERFWIDGET_EXTRA_INFO
Main\WindowsSearch
Version Vector
FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120
Software\Microsoft\Internet Explorer
FEATURE_FORCE_NATURAL_TEXT_METRICS
SOFTWARE\Tqdigital\YwConquer
FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
FEATURE_MOBILE_CUSTOMIZATIONS
FEATURE_MOBILE_VIEWPORT_WIDTH_RESTRICTIONS
FEATURE_XSSFILTER
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Zoom
Microsoft\Internet Explorer\Feeds
Software\Microsoft\Internet Explorer\MediaTypeClass
FEATURE_ALLOW_HIGHFREQ_TIMERS
System\Setup
FEATURE_BROWSER_EMULATION
FEATURE_PASTE_IMAGE_DATAURI
FEATURE_MOBILE_DISPOSABLE_RESOURCE_CACHE_THRESHOLD_BYTES
FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
Software\Policies\Microsoft\Internet Explorer\International\Scripts
History
Microsoft\Windows\CurrentVersion\Internet Settings
Software
Text Scaling
Content
FEATURE_IEDDE_REGISTER_PROTOCOL
Security\Floppy Access
AdvancedOptions\DISAMBIGUATION
FEATURE_WEBOC_DOCUMENT_ZOOM
FEATURE_GPU_RENDERING
International\Scripts
FEATURE_DOCUMENT_COMPATIBLE_MODE
FEATURE_HIGH_RESOLUTION_AWARE
FEATURE_CLEANUP_AT_FLS
Software\Policies\Microsoft\Internet Explorer\Settings
Software\Microsoft\Internet Explorer\Main\FeatureControl
FEATURE_ALIGNED_TIMERS
FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454
Cookies
MenuExt
FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER
FEATURE_PAINT_INSIDE_WMPAINT
Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
FEATURE_ALLOW_INTRANET_CSS_MIME_MISMATCH
FEATURE_OLEALIAS_GWND
FEATURE_ZONE_ELEVATION
FEATURE_CSS_SHOW_HIDE_EVENTS
FEATURE_ENABLE_WEB_CONTROL_VISUALS
MIME\Database\Content Type\text/xml
FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245
Scripts
FEATURE_ENFORCE_BSTR
FEATURE_NINPUT_LEGACYMODE
FEATURE_REDUCE_RENDER_AHEAD_CACHE
Software\Borland\Locales
International
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_LAZIER_IMAGE_DECODING
FEATURE_PROTOCOL_LOCKDOWN
PROTOCOLS\Name-Space Handler\file\
SOFTWARE\Classes\PROTOCOLS\Filter\text/plain
BrowserEmulation
InprocServer32
FEATURE_MSHTML_AUTOLOAD_IEFRAME
FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING
FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
.txt
FEATURE_MIME_SNIFFING
FEATURE_USE_LEGACY_JSCRIPT
FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW
FEATURE_VSYNC_WATCHDOG
FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
FEATURE_USE_WEBOC_OMNAVIGATOR_IMPLEMENTATION
Software\Microsoft\Ftp
FEATURE_XDOMAINREQUEST
Software\Microsoft\Internet Explorer\PageSetup
Local\ZonesLockedCacheCounterMutex
<NULL>
Local\ZonesCacheCounterMutex
!IECompat!Mutex
Local\MSCTF.Asm.MutexDefault1
_!SHMSFTHISTORY!_
WSearch
api-ms-win-downlevel-advapi32-l2-1-0.dll
mshtml.dll
imm32.dll
API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0.DLL
comctl32.dll
ole32.dll
OLEAUT32.dll
propsys.dll
shell32.dll
CRYPTBASE.dll
WININET.dll
Secur32.dll
user32.dll
UxTheme.dll
olepro32.dll
SHELL32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
urlmon.dll
C:\Windows\syswow64\MSCTF.dll
PROPSYS.dll
ADVAPI32.dll
IEFRAME.dll
ntmarta.dll
USER32.dll
uxtheme.dll
MSHTML.dll
api-ms-win-downlevel-shlwapi-l2-1-0.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
kernel32.dll
KERNEL32.dll
C:\Windows\system32\ole32.dll
MLANG.dll
C:\InstallTmp\Config.7z
C:\InstallTmp\Language.7z
C:\InstallTmp\Logo.7z
C:\InstallTmp\Readme.7z
C:\InstallTmp\Config.txt
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2016-02-19 00:22:12.079669
Analysis End Date: 2016-02-19 04:48:41.490550
File Upload Date: 2016-02-18 20:30:00.791220
Update Date: 2016-02-19 04:48:41.490557
Human Expert Analyst Feedback:   Clean
Verdict:   Clean
Additional File Information

Property | Value
---|---
(no rows in the original report)

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---
(no section rows in the original report)