SetupPSRCloud_5.0.2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample

Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 7.992226810369233
Filename: SetupPSRCloud_5.0.2.exe
Filesize: 24045024
MD5: 3f0aa516242d152f76d1151b6524c9c6
SHA1: e7974e9135d24357764c6f578a726e0ae145f3c2
SHA256: a0fa184a9104b4488e40de447615e464ebbf79bd8b6fd916c34a610eb0c8bfdb
SHA512: 1ebc736ddc094d4f453b42cb6f21ad84876764e09849d4d399f792a7d4e56328718c61efbc988b2e4a9e86776b86bfc8566847795f02f0080a621dce6edffe5c
SSDEEP: 393216:T/DoJAghMA29qscUkpFzqFVxHbRUadxPxV8CMKNt/+pAHExcI4hsMiHn17zq6K2l:oJAlA29qZT+dbRUpZKNc9tzqy
Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
|
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
PE file contains sections with non-standard names | Data Obfuscation |
Uses 32bit PE files | Compliance, System Summary |
Creates temporary files | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary |
Reads software policies | System Summary | System Information Discovery
Sample reads its own file content | System Summary |
Tries to load missing DLLs | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
PE / OLE file has a valid certificate | Compliance, System Summary |
Submission file is bigger than most known malware samples | System Summary |
|
C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp
Category: dropped
Dump: SetupPSRCloud_5.0.2.tmp.1.dr
ID: dr_0
Target ID: 1
Process: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 6.395805168562771
Encrypted: false
Size: 3230272
Whitelisted: false
|
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary |
Spawns processes | System Summary |
Tries to load missing DLLs | System Summary |
Executable creates window controls seldom found in malware | System Summary |