File Name:   220_11505
SHA1:   f6644675dcbfc5f6f1c36a23faba50c2a5009b0f
MD5:   bbbe546f15d8b52d8e0d4bb329a8531e
First Seen Date:  2016-03-19 20:18:59.418408
Number of Clients Seen:   8
Last Analysis Date:  2016-04-10 10:06:02.756013
Human Expert Analysis Date:  2016-03-22 07:53:01.653636
Human Expert Analysis Result:   Clean
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-04-10 10:06:02.756013 | Clean
Static Analysis Overall Verdict | 2016-04-10 10:06:02.756013 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2016-04-10 10:06:02.756013 | No Threat Found
Human Expert Analysis Overall Verdict | 2016-03-22 07:53:01.653636 | Clean
Static Analysis
Static Analysis Overall Verdict | Result
---|---
Highly Suspicious |

Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ascii or empty section names detected | Clean
Illegal size of optional Header | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Based on the sections entropy check! file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero! | Clean
Entry point is outside the 1st(.code) section! Binary is possibly packed | Clean
Packer detection on signature database | Unknown
Anti-vm present | Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Suspicious
TLS callback functions array detected | Clean
Packer detection on signature database
Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0/v6.0
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result
---|---
No Threat Found |

Suspicious Behaviors |
---|
Has no visible windows |
Behavioral Information
C:\sample
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\RichEd20.DLL
C:\Windows\system32\PROPSYS.dll
C:\Windows\system32\MSVBVM60.DLL
Disable
DataFilePath
Plane1
Plane2
Plane3
Plane4
Plane5
Plane6
Plane7
Plane8
Plane9
Plane10
Plane11
Plane12
Plane13
Plane14
Plane15
Plane16
InstallRoot
CLRLoadLogDir
OnlyUseLatestCLR
NoGuiFromShim
ProgramFilesDir
.HLP
C:\sample
C:\Windows\Fonts\staticcache.dat
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\trl.txt
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\tvl.txt
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Fonts\segoeui.ttf
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Fonts\segoeuil.ttf
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Fonts\seguisb.ttf
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\APTAT.Application.exe.config
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\APTAT.Application.exe
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\APTAT.Bootstrapper.exe
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\cmdapt64.exe
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\cmdapt86.exe
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\APTAT.Core.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\FluentValidation.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Microsoft.ReportViewer.Common.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Microsoft.ReportViewer.DataVisualization.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Microsoft.ReportViewer.ProcessingObjectModel.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Microsoft.ReportViewer.WinForms.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Newtonsoft.Json.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\System.Windows.Interactivity.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Controls.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Controls.FixedDocumentViewers.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Controls.GridView.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Controls.Input.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Controls.Navigation.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Data.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Documents.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Documents.Fixed.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Themes.Windows8.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Zip.dll
C:\Users\win7\AppData\Local\Temp\7ZipSfx.000\Valkyrie.WebApiProvider.dll
\??\C:\Windows\SysWOW64\ieframe.dll
C:\sample.config
C:\Users\win7\AppData\Local\Temp\nsa13D1.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsa13D1.tmp\KillProcDLL.dll
\??\C:\Windows\System32\shdocvw.dll
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\sample.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
Tahoma
MS Shell Dlg 2
Software\Microsoft\.NETFramework\Policy\
v2.0
Software\Microsoft\.NETFramework
Upgrades
Standards
AppPatch
Software\Microsoft\.NETFramework\Policy\Standards
v4.0.30319
Software\Microsoft\.NETFramework\Policy\Upgrades
SOFTWARE\Microsoft\OLEAUT
Software\Microsoft\Windows\CurrentVersion\Setup
Software\Microsoft\Windows\CurrentVersion
system\CurrentControlSet\control\NetworkProvider\HwOrder
Software\Microsoft\Rpc
Software\Policies\Microsoft\Windows NT\Rpc
Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
{babe9b14-0f98-11e5-b301-806e6f6e6963}\
{babe9b10-0f98-11e5-b301-806e6f6e6963}\
{babe9b11-0f98-11e5-b301-806e6f6e6963}\
SOFTWARE\Microsoft\CTF\Compatibility\sample
Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
SOFTWARE\Microsoft\CTF\TIP\
{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
Keyboard Layout\Toggle
Software\Microsoft\CTF\DirectSwitchHotkeys
SOFTWARE\Microsoft\CTF\
Software\Microsoft\CTF\LayoutIcon\0409\0000041f
SOFTWARE\Microsoft\CTF\KnownClasses
System\Setup
software\microsoft\windows\currentversion\setup\PnpLockdownFiles
AppID
{B324E3E1-F057-4813-AB06-7C4DD2FC66A1}
WebhardWebControl.DLL
WebhardWebControl.WebBBS.1
CLSID
Insertable
WebhardWebControl.WebBBS
CurVer
{B295CDA3-D18D-462e-BDD5-1E2455D31E75}
ProgID
VersionIndependentProgID
Programmable
InprocServer32
Control
ToolboxBitmap32
MiscStatus
TypeLib
Version
{0D72AFF8-83DB-4071-94B1-17FF8F39BC9A}
1.0
FLAGS
win32
HELPDIR
Interface
{A356EAE3-312D-4BAA-870A-44FA5D3C7BDB}
ProxyStubClsid32
{6A61F152-64E7-4476-86B5-B7C86F6C63A7}
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
Software\Microsoft\Windows
HTML Help
Help
<NULL>
t "Mutex_Smartfile"
Mutex_Smartfile
comctl32.dll
UxTheme.dll
ADVAPI32.dll
kernel32
IMM32.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
ntdll.dll
uxtheme
OLEAUT32.DLL
propsys.dll
ole32.dll
C:\Windows\SysWOW64\ieframe.dll
kernel32.dll
SHLWAPI.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
C:\Users\win7\AppData\Local\Temp\nsa13D1.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsa13D1.tmp\KillProcDLL.dll
PSAPI.DLL
imageres.dll
DEVRTL.dll
SETUPAPI.dll
RichEd20
C:\Windows\System32\shdocvw.dll
PROPSYS.dll
OLEAUT32.dll
SXS.DLL
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2016-03-21 07:55:34.756678
Analysis End Date:  2016-03-22 07:53:01.653636
File Upload Date:  2016-03-19 20:19:20.777328
Update Date:  2016-03-22 07:53:01.653641
Human Expert Analyst Feedback:   Clean
Verdict:   Clean
Additional File Information
Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---