Edit tour
Windows
Analysis Report
dupeGuru_win64_4.3.1.exe
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Binary contains a suspicious time stamp
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Classification
Analysis Advice
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample searches for specific file, try point organization specific fake files to the analysis machine |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
- System is w10x64
- dupeGuru_win64_4.3.1.exe (PID: 4540 cmdline:
"C:\Users\ user\Deskt op\dupeGur u_win64_4. 3.1.exe" MD5: D82FF512B88C1ADC706ABBB7BBA938F2)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Window detected: |