Analyzing...
|
File Name:   17-1-142301.exe
SHA1:   e5308946715e15043b8967afca75e2ddd7d0a650
MD5:   d82859a5289399f8e26c5946f103cbbd
First Seen Date:  2017-01-15 12:04:51.931716 ( )
Number of Clients Seen:   4
Last Analysis Date:  2017-01-15 12:04:51.931716 ( )
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2017-01-15 12:04:51.931716 | Malware | |
Static Analysis Overall Verdict | 2017-01-15 12:04:51.931716 | Highly Suspicious | |
Dynamic Analysis Overall Verdict | 2017-01-15 12:04:51.931716 | No Threat Found | help |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Clean | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Suspicious | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Packer detection on signature database
Microsoft Visual C# / Basic .NET
.NET executable
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Suspicious Behaviors | |
---|---|
Has no visible windows |
Behavioral Information
C:\Windows\SysWOW64\rundll32.exe
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|