Analyzing...
|
File Name:   Re-LoaderByR1n.exe
SHA1:   ba021aae374a4ba0c635138b921a1381b58819fa
MD5:   3c8289913e7994117532856caee1c06c
First Seen Date:  2016-02-10 14:59:40.570852 ( )
Number of Clients Seen:   22
Last Analysis Date:  2017-12-21 06:19:05.512569 ( )
Human Expert Analysis Date:  2017-12-20 11:20:12.134750 ( )Human Expert Analysis Result:   PUA
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2017-12-21 06:19:05.512569 | PUA | |
Static Analysis Overall Verdict | 2017-12-21 06:19:05.512569 | No Match | help |
Precise Detectors Overall Verdict | 2017-12-21 06:19:05.512569 | No Match | help |
Human Expert Analysis Overall Verdict | 2017-12-20 11:20:12.134750 | PUA |
Static Analysis
Static Analysis Overall Verdict | Result |
---|
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Based on the sections entropy check! file is possibly packed | Clean | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Suspicious | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
Packer detection on signature database | Unknown | help |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Packer detection on signature database
Microsoft Visual C# / Basic .NET
.NET executable
Dynamic Analysis
No Dynamic Analysis Result Received
Behavioral Information is not Available
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2017-12-20 11:17:51.181667 ( )
Analysis End Date:  2017-12-20 11:20:12.134750 ( )
File Upload Date:  2017-12-20 11:16:36.652380 ( )
Update Date:  2017-12-20 11:20:12.141411 ( )
Human Expert Analyst Feedback:   PUA
Verdict:   PUA
Malware Family:   Application.Win32.Agent
Malware Type:   Pua
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|