File Name: HC_CEMEA_MEA_KSA_BA_SCM.exe
SHA1: f90ae26e206a2234b0777e02629949a450a09271
MD5: 914af4a9d25499012c343b0b9ff214d6
First Seen Date: 2017-02-09 12:45:49.116977
Number of Clients Seen: 2
Last Analysis Date: 2017-02-09 12:45:49.116977
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2017-02-09 12:45:49.116977 | Malware
Static Analysis Overall Verdict | 2017-02-09 12:45:49.116977 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2017-02-09 12:45:49.116977 | Highly Suspicious
Static Analysis
Static Analysis Overall Verdict: Highly Suspicious
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ascii or empty section names detected | Clean
Illegal size of optional Header | Clean
Packer detection on signature database | Unknown
Based on the sections entropy check! file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero! | Clean
Entry point is outside the 1st (.code) section! Binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-vm present | Suspicious
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Packer detection on signature database:
- Microsoft Visual C# / Basic .NET
- .NET executable
Dynamic Analysis
Dynamic Analysis Overall Verdict: Highly Suspicious

Suspicious Behaviors:
- Has no visible windows
Behavioral Information
- C:\Windows\SYSTEM32\MSCOREE.DLL
- C:\HC_CEMEA_MEA_KSA_BA_SCM.exe
- InstallRoot
- CLRLoadLogDir
- OnlyUseLatestCLR
- NoGuiFromShim
- C:\HC_CEMEA_MEA_KSA_BA_SCM.exe.config
- C:\HC_CEMEA_MEA_KSA_BA_SCM.exe
- Software\Microsoft\.NETFramework\Policy\
- v2.0
- Software\Microsoft\.NETFramework
- Upgrades
- Standards
- AppPatch
- Software\Microsoft\.NETFramework\Policy\Standards
- v4.0.30319
- Software\Microsoft\.NETFramework\Policy\Upgrades
- ADVAPI32.dll
- SHLWAPI.dll
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---