Analyzing...

File Name: pci_input_device_driver_windows_7_download.exe

SHA1: e67083d7b9646a500a94baa22f680bbba3154097

MD5: fb40201992c4784356ea8fbeba9e0258

First Seen Date: 2017-06-09 19:17:49.630384 ( 2017-06-09 19:17:49.630384 )

Number of Clients Seen: 12

Last Analysis Date: 2017-06-14 17:49:52.926025 ( 2017-06-14 17:49:52.926025 )

Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.

Analysis Summary

Analysis Type	Date	Verdict
Signature Based Detection	2017-06-14 17:49:52.926025	PUA
Static Analysis Overall Verdict	2017-06-14 17:49:52.926025	No Threat Found
Dynamic Analysis Overall Verdict	2017-06-14 17:49:52.926025	No Threat Found
Precise Detectors Overall Verdict	2017-06-14 17:49:52.926025	No Match

Static Analysis

Static Analysis Overall Verdict	Result
No Threat Found

Detector	Result
Optional Header LoaderFlags field is valued illegal	Clean
Non-ascii or empty section names detected	Clean
Illegal size of optional Header	Clean
Packer detection on signature database	Unknown
Based on the sections entropy check! file is possibly packed	Suspicious
Timestamp value suspicious	Suspicious
Header Checksum is zero!	Clean
Enrty point is outside the 1st(.code) section! Binary is possibly packed	Suspicious
Optional Header NumberOfRvaAndSizes field is valued illegal	Clean
Anti-vm present	Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger	Suspicious
TLS callback functions array detected	Clean

Dynamic Analysis

Dynamic Analysis Overall Verdict	Result
No Threat Found

Suspicious Behaviors
Opens a file in a system directory
Uses a function clandestinely

Behavioral Information

RegCloseKey

10c

114

QueryFilePath

C:\pci_input_device_driver_windows_7_download.exe

ReadRegisteryKey

Plane16

Plane14

Plane15

Plane12

Plane13

Plane10

Plane11

Plane4

Plane5

Plane6

Disable

Plane7

Plane1

Plane2

Plane3

DataFilePath

Plane8

Plane9

CreateFile

{"dwCreationDisposition": "3", "path": "C:\\Windows\\Fonts\\staticcache.dat", "dwDesiredAccess": "80000000", "dwShareMode": "5"}

OpenRegisteryKey

{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Borland\\Delphi\\Locales"}

{"hKey": "114", "phkResult": "0", "lpSubKey": "Microsoft Sans Serif"}

{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Borland\\Locales"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Borland\\Locales"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"}

{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"}

LoadLibrary

ShDoCvw.dll

kernel32.dll

user32.dll

advapi32.dll

oleaut32.dll

version.dll

gdi32.dll

ole32.dll

comctl32.dll

shlwapi.dll

comdlg32.dll

shell32.dll

C:\pci_input_device_driver_windows_7_download.ENU

C:\pci_input_device_driver_windows_7_download.EN

security.dll

ADVAPI32.dll

aswhookx.dll

QueryProcessAddress

SetWindowsHookExA

WriteProcessMemory

CreateProcessA

ShellExecuteA

IsDebuggerPresent

Precise Detectors Analysis Results

Detector Name	Date	Verdict	Reason
Uninstaller FP Detector	2017-06-14 17:49:40.855103	No Match	No match.
Yara Rule Static Malware Detector	2017-06-14 17:49:40.858108	No Match	No match.
Static Precise PUA Detector 1	2017-06-14 17:49:40.856984	No Match	NotDetected
Static Precise Virus Detector	2017-06-14 17:49:40.855884	No Match	NotDetected
Static Precise Trojan Detector	2017-06-14 17:49:40.859148	No Match	NotDetected
Malicious Url Detector	2017-06-14 17:49:52.294141	No Match	No match.

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Property	Value

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5