File Name:   Me1H8YsRZeAY.exe
SHA1:   cf2b2c783f58605fcf14d47552fb3d9f114ea6bb
MD5:   9c67f95f422c1108d1ec6bb1428aa330
First Seen Date:  2017-05-17 13:20:31.812763
Number of Clients Seen:   3
Last Analysis Date:  2017-05-17 13:20:31.812763
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2017-05-17 13:20:31.812763 | PUA
Static Analysis Overall Verdict | 2017-05-17 13:20:31.812763 | No Threat Found
Dynamic Analysis Overall Verdict | 2017-05-17 13:20:31.812763 | No Threat Found
Precise Detectors Overall Verdict | 2017-05-17 13:20:31.812763 | No Match
Static Analysis
Static Analysis Overall Verdict:   No Threat Found

Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ascii or empty section names detected | Clean
Illegal size of optional Header | Clean
Packer detection on signature database | Unknown
Based on the sections entropy check! file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero! | Clean
Entry point is outside the 1st(.code) section! Binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-vm present | Suspicious
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Dynamic Analysis
Dynamic Analysis Overall Verdict:   No Threat Found

| Suspicious Behaviors |
|---|
| Opens a file in a system directory |
Behavioral Information
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason
---|---|---|---
Uninstaller FP Detector | 2017-05-17 13:20:32.385006 | No Match | No match.
Yara Rule Static Malware Detector | 2017-05-17 13:20:32.489587 | No Match | No match.
Static Precise PUA Detector 1 | 2017-05-17 13:20:32.367154 | No Match | NotDetected
Static Precise Virus Detector | 2017-05-17 13:20:32.378199 | No Match | NotDetected
Static Precise Trojan Detector | 2017-05-17 13:20:32.382797 | No Match | NotDetected
Malicious Url Detector | 2017-05-17 13:20:57.329779 | No Match | No match.
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---