|
SetupPSRCloud_5.0.2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
|
|
|
| Filetype: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Entropy: |
7.992226810369233
|
| Filename: |
SetupPSRCloud_5.0.2.exe
|
| Filesize: |
24045024
|
| MD5: |
3f0aa516242d152f76d1151b6524c9c6
|
| SHA1: |
e7974e9135d24357764c6f578a726e0ae145f3c2
|
| SHA256: |
a0fa184a9104b4488e40de447615e464ebbf79bd8b6fd916c34a610eb0c8bfdb
|
| SHA512: |
1ebc736ddc094d4f453b42cb6f21ad84876764e09849d4d399f792a7d4e56328718c61efbc988b2e4a9e86776b86bfc8566847795f02f0080a621dce6edffe5c
|
| SSDEEP: |
393216:T/DoJAghMA29qscUkpFzqFVxHbRUadxPxV8CMKNt/+pAHExcI4hsMiHn17zq6K2l:oJAlA29qZT+dbRUpZKNc9tzqy
|
| Preview: |
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| PE file contains sections with non-standard names |
Data Obfuscation |
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Creates temporary files |
System Summary |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
| Parts of this applications are using Borland Delphi (Probably coded in Delphi) |
System Summary |
|
| Reads software policies |
System Summary |
System Information Discovery
|
| Sample reads its own file content |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| PE / OLE file has a valid certificate |
Compliance, System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp
|
| Category: |
dropped
|
| Dump: |
SetupPSRCloud_5.0.2.tmp.1.dr
|
| ID: |
dr_0
|
| Target ID: |
1
|
| Process: |
C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe
|
| Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.395805168562771
|
| Encrypted: |
false
|
| Size: |
3230272
|
| Whitelisted: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
| Parts of this applications are using Borland Delphi (Probably coded in Delphi) |
System Summary |
|
| Spawns processes |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
|
| Executable creates window controls seldom found in malware |
System Summary |
|
|
