The binary likely contains encrypted or compressed data.
  packer_section: name: .data, entropy: 7.96, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000d0400, virtual_size: 0x000d1bb0

Attempts to remove evidence of the file having been downloaded from the Internet.
  file_delete: C:\ProgramData\SDgswYXSvL\readme.exe:Zone.Identifier

Attempts to connect to a dead IP:Port (1 unique time).
  network_host_ip: 46.4.120.155:45700 (Germany)

HTTP traffic contains suspicious features which may be indicative of malware-related traffic.
  network_anomaly: HTTP connection was made to an IP address rather than a domain name
  network_anomaly: http://185.202.172.106/file.txt

Performs some HTTP requests.
  network_url: http://185.202.172.106/file.txt

Creates RWX memory.
  injection_rwx_memory: 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx