File Name: IDMan.exe
SHA1: cf0562dfa01aaa2d2d6e2f9ead470a9c3776aeaa
MD5: 708f57a040b09992316b6673501bde19
First Seen Date: 2017-11-20 17:37:28.221205
Number of Clients Seen: 2
Last Analysis Date: 2017-11-20 17:37:28.221205
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary

Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2017-11-20 17:37:28.221205 | Clean
Static Analysis Overall Verdict | 2017-11-20 17:37:28.221205 | No Threat Found
Dynamic Analysis Overall Verdict | 2017-11-20 17:37:28.221205 | No Threat Found
Precise Detectors Overall Verdict | 2017-11-20 17:37:28.221205 | No Match
Static Analysis

Static Analysis Overall Verdict | Result
---|---
Overall | No Threat Found
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of optional header | Clean
Packer detection on signature database | Unknown
Based on the section entropy check, file is possibly packed | Clean
Timestamp value suspicious | Clean
Header checksum is zero | Clean
Entry point is outside the 1st (.code) section; binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-VM present | Suspicious
The SizeOfRawData is valued illegal; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Packer detection on signature database
Armadillo v1.71
Microsoft Visual C++ v5.0/v6.0 (MFC)
Microsoft Visual C++
Dynamic Analysis

Dynamic Analysis Overall Verdict | Result
---|---
Overall | No Threat Found

Suspicious Behaviors
---|
Creates a child process
Writes to address space of another process
Uses a function clandestinely
Copies itself to startup
Modifies Windows Service Keys
Reads memory of another process
Opens a file in a system directory
Behavioral Information
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
C:\IDMShellExt64.dll
shell32
ADVAPI32.dll
comctl32.dll
ole32.dll
C:\idmvs.dll
UxTheme.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
OLEAUT32.DLL
Connect.dll
RASAPI32
shlwapi.dll
RichEd32.Dll
CRYPTBASE.dll
C:\Windows\system32\asycfilt.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
IDMGetAll.dll
IDMIECC.dll
downlWithIDM.dll
idmfsa.dll
propsys.dll
ntmarta.dll
SHELL32.dll
imageres.dll
PSAPI.DLL
Kernel32.DLL
WS2_32
C:\Windows\SysWOW64\ieframe.dll
kernel32.dll
Secur32.dll
API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0.DLL
OLEAUT32.dll
C:\Windows\system32\sfc.dll
COMCTL32.DLL
IMM32.dll
WindowsCodecs.dll
C:\Windows\system32\EhStorShell.dll
C:\Windows\system32\ntshrui.dll
srvcli.dll
cscapi.dll
slc.dll
c:\windows\system32\imageres.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
WS2_32.dll
.exe
program
file
"C:\Windows\System32\regsvr32.exe" /s "C:\IDMShellExt64.dll"
C:\Windows\Fonts\staticcache.dat
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\Users\desktop.ini
C:\Users
C:\Users\win7
C:\Users\win7\Downloads\desktop.ini
Local\MSCTF.Asm.MutexDefault1
C:\Users\win7\AppData\Roaming\IDM\\Scheduler\s_1.dt
<NULL>
RasPbFile
Tonec_Internet_Download_Manager_MTX
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\IDMEventMonitor
C:\[uIDMan.exe]
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\system32\Connect.dll
C:\Windows\system32\RICHED20.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\system32\propsys.dll
C:\Windows\system32\EhStorShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn
HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org\Mozilla
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDMTDI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\Netscape 6
HKEY_CURRENT_USER\Software\Opera Software
HKEY_LOCAL_MACHINE\Software\Flock\Flock
HKEY_LOCAL_MACHINE\Software\Mozilla\Waterfox
HKEY_CLASSES_ROOT\MIME\Database\Content Type
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox ESR
HKEY_CURRENT_USER\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Download Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDMWFP
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jmolcgpienlcieaajfkkdamlngancncm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}
HKEY_LOCAL_MACHINE\Software\Mozilla
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek
HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\Netscape Browser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software\Mozilla\Aurora
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Mozilla\Nightly
HKEY_LOCAL_MACHINE\Software\mozilla.org\Mozilla Firefox
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Netscape Navigator
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\Netscape
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\FullCircle\TalkBack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
HKEY_LOCAL_MACHINE\Software\Classes\PROTOCOLS\Name-Space Handler\
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox Developer Edition
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\DownloadManager\
HKEY_CURRENT_USER\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}
HKEY_CURRENT_USER\Software\DownloadManager\Queue
HKEY_CURRENT_USER\Software\DownloadManager\ProxyPac
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}
HKEY_CURRENT_USER\Software\DownloadManager\DwnlPanel
HKEY_CURRENT_USER\Software\DownloadManager\maxID
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\DragDrop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Google
HKEY_LOCAL_MACHINE\Software\Google\Chrome
HKEY_LOCAL_MACHINE\Software\Mozilla
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}
HKEY_CURRENT_USER\Software\DownloadManager\Scheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}
HKEY_CURRENT_USER\Software\DownloadManager\menuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
HKEY_CLASSES_ROOT\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}
HKEY_CURRENT_USER\Software\DownloadManager\Passwords
HKEY_CURRENT_USER\Software\DownloadManager\IDMBI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
HKEY_CURRENT_USER\Software\DownloadManager\ConfigTime
HKEY_CURRENT_USER\Software\DownloadManager\FoldersTree
HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions
HKEY_CLASSES_ROOT\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_CURRENT_USER\Software\DownloadManager\MCN
HKEY_CLASSES_ROOT\IDMan.CIDMLinkTransmitter
HKEY_CURRENT_USER\Software\DownloadManager\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}
HKEY_CURRENT_USER\Software\DownloadManager\ListSettings
Precise Detectors Analysis Results

Detector Name | Date | Verdict | Reason
---|---|---|---
Static Precise PUA Detector 1 | 2017-11-20 17:36:50.948488 | No Match | NotDetected
Static Precise Virus Detector | 2017-11-20 17:36:50.960479 | No Match | NotDetected
Static Precise Trojan Detector | 2017-11-20 17:36:50.967009 | No Match | NotDetected
Static Precise Adware InstallCore Detector 1 | 2017-11-20 17:36:50.982400 | No Match | NotDetected
Static Precise Trojan Detector 2 | 2017-11-20 17:36:50.972035 | No Match | NotDetected
Static Precise Trojan Detector 3 | 2017-11-20 17:36:50.979352 | No Match | NotDetected
Static Precise Trojan Generic Cryptor Detector 1 | 2017-11-20 17:36:50.974846 | No Match | NotDetected
Static Precise Virus Detector 2 | 2017-11-20 17:36:50.985736 | No Match | NotDetected
Advanced Heuristics

No Advanced Heuristic Analysis Result Received
Additional File Information

Property | Value
---|---

Section Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---