|
Analyzing...
|
File Name: sollhlp.exe.part
SHA1: fe4ae415220c1de3d2c604ed7e947f1106312e98
MD5: 85e855037b7e77c123bc0bdc24eb6d99
First Seen Date: 2017-01-01 04:46:34.155386 ( )
Number of Clients Seen: 5
Last Analysis Date: 2020-06-01 15:04:53.905622 ( )
Human Expert Analysis Date: 2020-05-31 21:43:43.119231 ( )Human Expert Analysis Result: Malware
Analysis Summary
| Analysis Type | Date | Verdict | |
|---|---|---|---|
| Signature Based Detection | 2020-06-01 15:04:53.905622 | Malware | |
| Static Analysis Overall Verdict | 2020-06-01 15:04:53.905622 | No Threat Found | help |
| Dynamic Analysis Overall Verdict | 2020-06-01 15:04:53.905622 | Highly Suspicious | |
| Human Expert Analysis Overall Verdict | 2020-05-31 21:43:43.119231 | Malware | |
Static Analysis
| Static Analysis Overall Verdict | Result |
|---|---|
| No Threat Found | help |
| Detector | Result | |
|---|---|---|
| Optional Header LoaderFlags field is valued illegal | Clean | |
| Non-ascii or empty section names detected | Clean | |
| Illegal size of optional Header | Clean | |
| Packer detection on signature database | Unknown | help |
| Based on the sections entropy check! file is possibly packed | Clean | |
| Timestamp value suspicious | Clean | |
| Header Checksum is zero! | Suspicious | |
| Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
| Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
| Anti-vm present | Clean | |
| The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
| TLS callback functions array detected | Clean | |
Packer detection on signature database
Armadillo v1.71
Microsoft Visual C++ v5.0/v6.0 (MFC)
Microsoft Visual C++
Dynamic Analysis
| Dynamic Analysis Overall Verdict | Result |
|---|---|
| Highly Suspicious |
| Suspicious Behaviors | |
|---|---|
| Injects code to another process | |
| Modifies context of another process | |
| Creates a child process | |
| Writes to address space of another process | |
| Uses a function clandestinely | |
| Reads memory of another process | |
| Opens a file in a system directory | |
Behavioral Information
C:\Windows\system32\odbcint.dll
MSVCRT.DLL
COMCTL32.DLL
imm32.dll
kernel32.dll
shell32.dll
ADVAPI32.dll
advapi32.dll
psapi.dll
C:\sollhlp.exe.part
C:\sollhlp.exe.par_
C:\Users\win7\AppData\Local\CSIDL_
C:\myapp.exe
C:\Windows\explorer.exe.\
SOFTWARE\Microsoft\BidInterface\Loader
SOFTWARE\ODBC\ODBC.INI\ODBC
C:\sollhlp.exe.part
qazwsxedc
C:\Windows\system32\ODBC32.dll
C:\sollhlp.exe.part
OpenProcess
WriteProcessMemory
CreateProcessA
CreateProcessW
GetThreadContext
SetThreadContext
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2020-05-31 18:34:23.263828 ( )
Analysis End Date: 2020-05-31 21:43:43.119231 ( )
File Upload Date: 2020-05-28 13:06:25.721103 ( )
Update Date: 2020-06-01 15:03:28.722494 ( )
Human Expert Analyst Feedback:
Verdict: Malware
Malware Family: Trojware
Malware Type: 0
Additional File Information
| Property | Value |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|