Analyzing...
|
File Name:   wpsupdate.exe
SHA1:   aa9d0182bc4af8a6595207b7f5bd7c8336617520
MD5:   e32e98fb900366fd33e8003de1fc57c4
First Seen Date:  2018-06-14 02:35:07.203368 ( )
Number of Clients Seen:   9
Last Analysis Date:  2018-07-01 13:31:56.143178 ( )
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2018-07-01 13:31:56.143178 | Clean | |
Static Analysis Overall Verdict | 2018-07-01 13:31:56.143178 | No Threat Found | help |
Precise Detectors Overall Verdict | 2018-07-01 13:31:56.143178 | No Match | help |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Suspicious | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Clean | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Suspicious | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Suspicious | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Packer detection on signature database
UPX v0.89.6 - v1.02 / v1.05 -v1.24 -> Markus & Laszlo [overlay]
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Suspicious Behaviors | |
---|---|
Opens a file in a system directory | |
Uses a function clandestinely | |
Has no visible windows |
Behavioral Information
C:\wpsupdate.exe
C:\Windows\Fonts\staticcache.dat
Global\wpspatch_C42D7A0A-2868-45FF-92EE-9B7AE7124588
Global\wpssetup_C42D7A0A-2868-45FF-92EE-9B7AE7124588
Global\wps_diff_patch_C42D7A0A-2868-45FF-92EE-9B7AE7124588
Global\wpsuninst_C42D7A0A-2868-45FF-92EE-9B7AE7124588
C:\Users\win7\AppData\Roaming\kingsoft\office6\update\log\wpsupdate_2018_06_14.log
_#_UPD_LogFile_Z_MutxName_#_
Global\_UPD_Session_MutexName_
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
GDI32.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
SHELL32.dll
SHLWAPI.dll
urlmon.dll
USER32.dll
USERENV.dll
VERSION.dll
WININET.dll
WLDAP32.dll
WS2_32.dll
Ws2_32.dll
\auth.dll
C:\office6\auth.dll
C:/office6\auth.dll
comctl32.dll
UxTheme.dll
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
OpenProcess
ReadProcessMemory
CreateProcessW
CreateProcessA
URLDownloadToFileW
InternetReadFile
WinExec
ShellExecuteW
ShellExecuteExW
IsDebuggerPresent
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason | |
---|---|---|---|---|
Static Precise PUA Detector 1 | 2018-07-01 13:31:52.892701 | No Match | help | NotDetected |
Static Precise Trojan Detector 5 | 2018-07-01 13:31:52.928758 | No Match | help | NotDetected |
Static Precise Trojan Detector 7 | 2018-07-01 13:31:52.935672 | No Match | help | NotDetected |
Static Precise PUA Detector 4 | 2018-07-01 13:31:52.947620 | No Match | help | NotDetected |
Static Precise PUA Detector 5 | 2018-07-01 13:31:52.975060 | No Match | help | NotDetected |
Static Precise Trojan Detector 1 | 2018-07-01 13:31:52.998976 | No Match | help | NotDetected |
Static Precise Trojan Detector 2 | 2018-07-01 13:31:52.999860 | No Match | help | NotDetected |
Static Precise Trojan Detector 3 | 2018-07-01 13:31:53.016933 | No Match | help | NotDetected |
Static Precise Trojan Detector 12 | 2018-07-01 13:31:53.042847 | No Match | help | NotDetected |
Static Precise Trojan Detector 10 | 2018-07-01 13:31:53.048872 | No Match | help | NotDetected |
Static Precise Virus Detector 1 | 2018-07-01 13:31:53.084429 | No Match | help | NotDetected |
Static Precise Virus Detector 2 | 2018-07-01 13:31:53.084739 | No Match | help | NotDetected |
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|