Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AsyncRAT
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara signature match