UmiDataServer v1.0.1.1.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample

Filetype: | PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: | 7.906497587104928
Filename: | UmiDataServer v1.0.1.1.exe
Filesize: | 5481832
MD5: | 75c876a06f5679e880e91897c83789b1
SHA1: | 13703a9cac7af619e4e79f3dde2dc7890277b448
SHA256: | 258fd554afd7aaf894c069a35b2e1ba65fb9f0dd5bb11f9573d800088f18277e
SHA512: | c0a494c82b46f1c126d4e228d8255621f33c4f18732afac522c05d55e587d956e3249c16a9a548228dde24413d2eb3d3164f4cf480b9701a06ba06d160a5c5ad
SSDEEP: | 98304:ykLHPnPTX9HH3jYFaJRZtQrgQp9rrtyomB1JlptFQeK4t29s4C1eH9Q:dXTFH3C5htyomhlptW4t5o9Q
Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
PE file contains sections with non-standard names | Data Obfuscation |
Tries to load missing DLLs | System Summary |
Uses 32bit PE files | Compliance, System Summary |
Creates temporary files | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary |
Reads software policies | System Summary | System Information Discovery
Sample reads its own file content | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
Submission file is bigger than most known malware samples | System Summary |

C:\Users\user\AppData\Local\Temp\is-IKNN5.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped

File: | C:\Users\user\AppData\Local\Temp\is-IKNN5.tmp\_isetup\_setup64.tmp
Category: | dropped
Dump: | _setup64.tmp.1.dr
ID: | dr_1
Target ID: | 1
Process: | C:\Users\user\AppData\Local\Temp\is-IUSS4.tmp\UmiDataServer v1.0.1.1.tmp
Type: | PE32+ executable (console) x86-64, for MS Windows
Entropy: | 4.720366600008286
Encrypted: | false
Size: | 6144
Whitelisted: | false

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\is-IUSS4.tmp\UmiDataServer v1.0.1.1.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped

File: | C:\Users\user\AppData\Local\Temp\is-IUSS4.tmp\UmiDataServer v1.0.1.1.tmp
Category: | dropped
Dump: | UmiDataServer v1.0.1.1.tmp.0.dr
ID: | dr_0
Target ID: | 0
Process: | C:\Users\user\Desktop\UmiDataServer v1.0.1.1.exe
Type: | PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: | 6.325051083907163
Encrypted: | false
Size: | 3199488
Whitelisted: | false

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |
Tries to load missing DLLs | System Summary |
Creates files inside the user directory | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary |
Reads the Windows registered organization settings | System Summary | System Owner/User Discovery
Spawns processes | System Summary |
Uses an in-process (OLE) Automation server | System Summary |
Executable creates window controls seldom found in malware | System Summary |
Reads the Windows registered owner settings | System Summary | System Owner/User Discovery