Analyzing...
|
File Name:   azzfuff.exe
SHA1:   dbc4add760deba7caa31fdaa12dd47ca2c1e81e3
MD5:   3f3956f5ce7eb573331e48db760980fa
First Seen Date:  2017-03-27 13:24:28.419588 ( )
Number of Clients Seen:   4
Last Analysis Date:  2017-03-27 13:38:23.767436 ( )
Human Expert Analysis Date:  2017-04-12 12:15:11.735418 ( )Human Expert Analysis Result:   Malware
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2017-03-27 13:38:23.767436 | Malware | |
Static Analysis Overall Verdict | 2017-03-27 13:38:23.767436 | Highly Suspicious | |
Dynamic Analysis Overall Verdict | 2017-03-27 13:38:23.767436 | No Threat Found | help |
Precise Detectors Overall Verdict | 2017-03-27 13:38:23.767436 | No Match | help |
Human Expert Analysis Overall Verdict | 2017-04-12 12:15:11.735418 | Malware |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Clean | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Clean | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Suspicious Behaviors | |
---|---|
Operation successfully finished. |
Behavioral Information
C:\[uazzfuff.exe]
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
Win31FileSystem
C:\
C:\Windows
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
\??\C:\Windows\system32\EhStorShell.dll
\??\C:\Windows\system32\ntshrui.dll
SYSTEM\CurrentControlSet\Control\FileSystem
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{
<NULL>
imm32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-localization-l1-2-1
ole32.dll
comctl32.dll
ADVAPI32.dll
SHELL32.dll
propsys.dll
ntmarta.dll
WindowsCodecs.dll
C:\Windows\system32\EhStorShell.dll
C:\Windows\system32\ntshrui.dll
c:\windows\system32\imageres.dll
WINTRUST.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
api-ms-win-core-sysinfo-l1-2-1
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason | |
---|---|---|---|---|
Precise URL Detector | 2017-03-27 13:38:23.751373 | No Match | help | Can not found url connection in data |
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2017-03-27 15:15:16.368724 ( )
Analysis End Date:  2017-04-12 12:15:11.735418 ( )
File Upload Date:  2017-03-27 13:25:29.858793 ( )
Update Date:  2017-04-12 12:15:11.740216 ( )
Human Expert Analyst Feedback:   Malware
Verdict:   Malware
Malware Family:   TrojWare.Win32.Agent
Malware Type:   Trojan Generic
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|