File Name: KjmrKVvvmvLSwWH.exe
SHA1: f6e1c9a9287737494677c5f410849ddb8cff40ec
MD5: 7ab2cf6338403f824b65c5e1b06a087d
First Seen Date: 2015-10-07 19:14:04.350000
Number of Clients Seen: 7
Last Analysis Date: 2016-04-10 00:42:39.481871
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-04-10 00:42:39.481871 | Malware
Static Analysis Overall Verdict | 2016-04-10 00:42:39.481871 | No Threat Found
Dynamic Analysis Overall Verdict | 2016-04-10 00:42:39.481871 | No Threat Found
Static Analysis
Static Analysis Overall Verdict: No Threat Found
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of optional Header | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Based on the sections entropy check, file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero | Clean
Entry point is outside the 1st (.code) section; binary is possibly packed | Clean
Packer detection on signature database | Unknown
Anti-VM present | Clean
The Size Of Raw data is valued illegal; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Anti-debug calls
TerminateProcess
UnhandledExceptionFilter
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found
Suspicious Behaviors
---
Has no visible windows
Behavioral Information
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---