File Name: ccsetup551.exe
SHA1: c710b0ef88029d2b9ec60f10b8d7c0817efa2cd8
MD5: 4eb748bc62b36cc2fb9988c670079b56
First Seen Date: 2018-12-13 17:29:31.075752
Number of Clients Seen: 34
Last Analysis Date: 2019-04-01 19:21:44.438451
Human Expert Analysis Date: 2018-12-14 17:15:34.558816
Human Expert Analysis Result: Clean
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2018-12-13 17:19:26.778361 | Clean
Static Analysis Overall Verdict | 2018-12-13 17:19:30.805411 | No Threat Found
Precise Detectors Overall Verdict | 2018-12-13 17:29:31.217106 | No Match
Human Expert Analysis Overall Verdict | 2018-12-14 17:15:34.558816 | Clean
Static Analysis
Static Analysis Overall Verdict
---
No Threat Found

Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ascii or empty section names detected | Clean
Illegal size of optional Header | Clean
Packer detection on signature database | Unknown
Based on the sections entropy check! file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero! | Clean
Entry point is outside the 1st(.code) section! Binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-vm present | Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious
TLS callback functions array detected | Clean
Dynamic Analysis
Dynamic Analysis Overall Verdict
---
No Threat Found

Suspicious Behaviors
---
Opens a file in a system directory
Uses a function clandestinely
Behavioral Information
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason
---|---|---|---
Static Precise PUA Detector 1 | 2019-04-01 19:21:41.328043 | No Match | NotDetected
Static Precise Trojan Detector 5 | 2019-04-01 19:21:41.326770 | No Match | NotDetected
Static Precise Trojan Detector 7 | 2019-04-01 19:21:41.281748 | No Match | NotDetected
Static Precise PUA Detector 4 | 2019-04-01 19:21:41.290082 | No Match | NotDetected
Static Precise PUA Detector 5 | 2019-04-01 19:21:41.634062 | No Match | NotDetected
Static Precise Trojan Detector 1 | 2019-04-01 19:21:41.568847 | No Match | NotDetected
Static Precise Trojan Detector 2 | 2019-04-01 19:21:41.571570 | No Match | NotDetected
Static Precise Trojan Detector 3 | 2019-04-01 19:21:41.580306 | No Match | NotDetected
Static Precise Trojan Detector 12 | 2019-04-01 19:21:41.621678 | No Match | NotDetected
Static Precise Trojan Detector 10 | 2019-04-01 19:21:41.548804 | No Match | NotDetected
Static Precise Virus Detector 1 | 2019-04-01 19:21:41.580421 | No Match | NotDetected
Static Precise Virus Detector 2 | 2019-04-01 19:21:41.586831 | No Match | NotDetected
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2018-12-13 19:15:14.913004
Analysis End Date: 2018-12-14 17:15:34.558816
File Upload Date: 2018-12-13 16:45:41.169272
Update Date: 2018-12-14 17:15:34.580942
Human Expert Analyst Feedback: Safe
Verdict: Clean
Malware Family:  
Additional File Information
Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---