Automated Malware Analysis IOC Report for

File Path

Type

Category

Malicious

UmiDataServer v1.0.1.1.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.906497587104928
Filename:	UmiDataServer v1.0.1.1.exe
Filesize:	5481832
MD5:	75c876a06f5679e880e91897c83789b1
SHA1:	13703a9cac7af619e4e79f3dde2dc7890277b448
SHA256:	258fd554afd7aaf894c069a35b2e1ba65fb9f0dd5bb11f9573d800088f18277e
SHA512:	c0a494c82b46f1c126d4e228d8255621f33c4f18732afac522c05d55e587d956e3249c16a9a548228dde24413d2eb3d3164f4cf480b9701a06ba06d160a5c5ad
SSDEEP:	98304:ykLHPnPTX9HH3jYFaJRZtQrgQp9rrtyomB1JlptFQeK4t29s4C1eH9Q:dXTFH3C5htyomhlptW4t5o9Q
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
PE file contains sections with non-standard names	Data Obfuscation
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses 32bit PE files	Compliance, System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads software policies	System Summary	System Information Discovery
Sample reads its own file content	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\is-IKNN5.tmp\_isetup\_setup64.tmp

PE32+ executable (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-IKNN5.tmp\_isetup\_setup64.tmp
Category:	dropped
Dump:	_setup64.tmp.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\is-IUSS4.tmp\UmiDataServer v1.0.1.1.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	4.720366600008286
Encrypted:	false
Size:	6144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\is-IUSS4.tmp\UmiDataServer v1.0.1.1.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-IUSS4.tmp\UmiDataServer v1.0.1.1.tmp
Category:	dropped
Dump:	UmiDataServer v1.0.1.1.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\UmiDataServer v1.0.1.1.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.325051083907163
Encrypted:	false
Size:	3199488
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Tries to load missing DLLs	System Summary	DLL Side-Loading
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads the Windows registered organization settings	System Summary	System Owner/User Discovery
Spawns processes	System Summary	Process Injection
Uses an in-process (OLE) Automation server	System Summary
Executable creates window controls seldom found in malware	System Summary
Reads the Windows registered owner settings	System Summary	System Owner/User Discovery

IOC Report
UmiDataServer v1.0.1.1.exe